CVE-2026-45006
Published: 11 May 2026
Summary
CVE-2026-45006 is a high-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, it ranks at the 29.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Spam filters rely on evolving blacklists, signatures, and heuristics of disallowed message patterns; keeping them updated per the control directly mitigates incomplete disallowed-input lists.
NVD Description
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config modifications affecting command execution, network behavior, credentials, and operator policies that survive restart.
Details
- CWE(s)