GHSA-57r2-h2wj-g887Low
OpenClaw: Isolated cron awareness events were recorded as trusted system events
🔗 CVE IDs covered (1)
📋 Description
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
< 2026.4.20 - Patched version:
2026.4.20
Impact
Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted System: event instead of an untrusted system event.
This is a trust-labeling issue that can strengthen prompt-injection impact, but it does not directly bypass gateway auth, tool policy, or sandboxing. Severity is low.
Fix
OpenClaw now preserves untrusted labels for isolated cron awareness events and forwards the trust flag through cron delivery helpers.
Fix commit:
f61896b03cc7031f51106a04566831f4ac2a0bd7
Release
Fixed in OpenClaw 2026.4.20.
🎯 Affected products1
- npm/openclaw:< 2026.4.20
🔗 References (5)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887
- https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7
- https://nvd.nist.gov/vuln/detail/CVE-2026-44999
- https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events
- https://github.com/advisories/GHSA-57r2-h2wj-g887