GHSA-57r2-h2wj-g887: OpenClaw: Isolated cron awareness events were recorded as trusted system events
Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted System: event instead of an untrusted system event.
This is a trust-labeling issue that can strengthen prompt-injection impact, but it does not directly bypass gateway auth, tool policy, or sandboxing. Severity is low.
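A minimal model of the trust-labeling failure described above, added here as an illustration and not taken from OpenClaw's code; the function names, source names and the "System (untrusted):" label are assumptions. It contrasts a renderer that treats a missing trusted field as trusted with one that requires an explicit trusted: true, and adds an enqueue helper that derives trust from the event source.

```javascript
// Illustrative model only: names, sources and labels are hypothetical,
// not OpenClaw's actual API.

// Fail-open: an event is untrusted only when it says so explicitly, so a
// producer that omits `trusted: false` is rendered with the trusted label.
function renderFailOpen(event) {
  const label = event.trusted === false ? "System (untrusted)" : "System";
  return `${label}: ${event.text}`;
}

// Fail-closed: only an explicit `trusted: true` earns the trusted label.
function renderFailClosed(event) {
  const label = event.trusted === true ? "System" : "System (untrusted)";
  return `${label}: ${event.text}`;
}

// Hypothetical allowlist of producers whose text never carries external input.
const TRUSTED_SOURCES = new Set(["gateway-internal"]);

// Hardened enqueue: trust is derived from the source at the queue boundary,
// and any caller-supplied `trusted` value is ignored.
function enqueueHardened(queue, source, text) {
  const event = { source, text, trusted: TRUSTED_SOURCES.has(source) };
  queue.push(event);
  return event;
}

// Audit helper: list queued events that carry no explicit boolean trust label.
function findUnlabeled(queue) {
  return queue.filter((e) => typeof e.trusted !== "boolean");
}

// Constructed sample: output of an isolated cron run queued without a label.
const unlabeled = { source: "isolated-cron", text: "constructed sample output" };
```

Running findUnlabeled over a queue snapshot is a quick way to spot producers that rely on the renderer's default instead of setting the label themselves.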