CVE-2026-44999
OpenClaw: Isolated cron awareness events were recorded as trusted system events
Description
## Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `< 2026.4.20` - Patched version: `2026.4.20` ## Impact Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without `trusted: false`. That made the event render as a trusted `System:` event instead of an untrusted system event. This is a trust-labeling issue that can strengthen prompt-injection impact, but it does not directly bypass gateway auth, tool policy, or sandboxing. Severity is low. ## Fix OpenClaw now preserves untrusted labels for isolated cron awareness events and forwards the trust flag through cron delivery helpers. Fix commit: - `f61896b03cc7031f51106a04566831f4ac2a0bd7` ## Release Fixed in OpenClaw `2026.4.20`.
How to fix CVE-2026-44999
To remediate CVE-2026-44999, upgrade the affected package to a fixed version below.
- —upgrade to 2026.4.20 or later
Is CVE-2026-44999 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.4.20
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U |