CVE-2026-43534: OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input
Agent hook events could enqueue trusted system events from unsanitized external input.
References
- github.com/advisories/GHSA-7g8c-cfr3-vqqr
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/e3a845bde5b54f4f1e742d0a51ba9860f9619b29
- github.com/openclaw/openclaw/pull/64372
- github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr
- nvd.nist.gov/vuln/detail/CVE-2026-43534
- www.vulncheck.com/advisories/openclaw-unsanitized-external-input-in-agent-hook-events