CVE-2026-43534
CriticalSummary
OpenClaw before version 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.
Risk Assessment
This vulnerability may lead to privilege escalation, posing a serious threat to the integrity of the system and the security of data within the organization.
Recommendation
It is recommended to update OpenClaw to version 2026.4.10 or later to mitigate this vulnerability and implement additional input validation mechanisms.
Original NVD description (English source)
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.

