CVE-2026-43534

Published: Mag 05, 2026 Last Modified: Mag 05, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

CRITICAL 9,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.

345

Insufficient Verification of Data Authenticity

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Other

Potential Impacts:

Varies By Context Unexpected State

Applicable Platforms

Technologies: ICS/OT

View CWE Details

https://github.com/openclaw/openclaw/commit/e3a845bde5b54f4…

https://github.com/openclaw/openclaw/commit/e3a845bde5b54f4f1e742d0a51ba9860f96…

https://github.com/openclaw/openclaw/security/advisories/GH…

https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr

https://www.vulncheck.com/advisories/openclaw-unsanitized-e…

https://www.vulncheck.com/advisories/openclaw-unsanitized-external-input-in-age…

CVE-2026-43534

Description

Insufficient Verification of Data Authenticity

Common Consequences

Applicable Platforms

Iscriviti alla newsletter