CVE-2026-44999: OpenClaw: Isolated cron awareness events were recorded as trusted system events
Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without the trusted: false label. That made the event render as a trusted System: event instead of an untrusted system event.
This is a trust-labeling issue that can strengthen prompt-injection impact, but it does not directly bypass gateway auth, tool policy, or sandboxing. Severity is low.
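The labeling pattern behind this issue, as an added illustration that is not OpenClaw's code: the event shape, the source names and the function names are assumed. It contrasts a renderer that treats a missing label as trusted with one where trust is opt-in, fixes the label at enqueue time from the event source, and adds a check for events that reached the queue without any label.

```javascript
// Hypothetical model of an awareness queue; not OpenClaw's implementation.

// Vulnerable shape: only an explicit `trusted: false` demotes the event, so an
// event whose producer forgot the label is rendered as a trusted System: event.
function renderAwarenessVulnerable(event) {
  const prefix = event.trusted === false ? "Untrusted system event:" : "System:";
  return `${prefix} ${event.text}`;
}

// Hardened shape: trust is opt-in. Anything not explicitly `trusted: true`
// renders as an untrusted system event, so a forgotten label fails safe.
function renderAwarenessHardened(event) {
  const prefix = event.trusted === true ? "System:" : "Untrusted system event:";
  return `${prefix} ${event.text}`;
}

// Set the label once, at enqueue time, from the event's source. Only the
// in-process "core" source (assumed name) is trusted; webhook-triggered and
// isolated cron output is not, so callers cannot omit the label by accident.
function enqueueAwareness(queue, source, text) {
  const trusted = source === "core";
  const event = { source, text, trusted };
  queue.push(event);
  return event;
}

// Audit helper for tests or logging: events without a boolean label are the
// exact condition this advisory describes.
function findUnlabeled(queue) {
  return queue.filter((e) => typeof e.trusted !== "boolean");
}

// Constructed sample output from a webhook-triggered isolated cron run.
const CRON_TEXT = "Nightly job finished: 3 files changed.";

function demo() {
  const queue = [];
  const forgotten = { source: "isolated-cron", text: CRON_TEXT }; // label omitted, as in the bug
  queue.push(forgotten);
  const labeled = enqueueAwareness(queue, "isolated-cron", CRON_TEXT);
  return {
    vulnerable: renderAwarenessVulnerable(forgotten),
    hardened: renderAwarenessHardened(forgotten),
    queued: renderAwarenessHardened(labeled),
    unlabeledCount: findUnlabeled(queue).length,
  };
}
```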
References
- github.com/advisories/GHSA-57r2-h2wj-g887
- github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7
- github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887
- nvd.nist.gov/vuln/detail/CVE-2026-44999
- www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events