CVE-2026-43534
Published: 05 May 2026
Description
OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.
Mitigating Controls (NIST 800-53 r5)
- Directly requires validation of external hook metadata inputs before processing, preventing malicious names from being enqueued as trusted system events.
- Mandates timely identification and correction of the input validation flaw, enabling patching to OpenClaw 2026.4.10 to eliminate the vulnerability.
- Enforces information flow controls to block untrusted external inputs from escalating into higher-trust agent event queues.
Security Summary
CVE-2026-43534 is an input validation vulnerability in OpenClaw versions prior to 2026.4.10. The flaw allows external hook metadata to be enqueued as trusted system events, enabling attackers to supply malicious hook names that escalate untrusted input into a higher-trust agent context. It is classified under CWE-345 (Insufficient Verification of Data Authenticity) with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high confidentiality and integrity impacts achievable over the network without privileges or user interaction.
Remote attackers require no authentication or privileges to exploit this vulnerability. By crafting malicious hook names in external inputs, they can inject untrusted data into trusted system event queues, potentially leading to unauthorized access to sensitive information or modification of agent behaviors within the higher-trust context.
The fix ships in OpenClaw version 2026.4.10, as evidenced by the associated GitHub commit (e3a845bde5b54f4f1e742d0a51ba9860f9619b29) that resolves the issue. The GitHub security advisory (GHSA-7g8c-cfr3-vqqr) and the VulnCheck advisory describe the unsanitized external input problem in agent hook events and recommend an immediate upgrade to a patched version for affected deployments.
Details
- CWE(s): CWE-345 (Insufficient Verification of Data Authenticity)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remote, unauthenticated input validation flaw (CWE-345) allows injection of malicious hook names into trusted agent event queues, which directly maps to exploitation of a public-facing application to escalate untrusted input into a higher-trust context.