GHSA-7g8c-cfr3-vqqr: OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input

April 17, 2026

Agent hook events could enqueue trusted system events from unsanitized external input.

References

github.com/advisories/GHSA-7g8c-cfr3-vqqr
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/e3a845bde5b54f4f1e742d0a51ba9860f9619b29
github.com/openclaw/openclaw/pull/64372
github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr

Code Behaviors & Features

Detect and mitigate GHSA-7g8c-cfr3-vqqr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →