Launch Week Day 1: Announcing Security Design Review
Start for Free
UNKNOWN npm

OpenClaw: Isolated cron awareness events were recorded as trusted system events

GHSA-57r2-h2wj-g887 · CVE-2026-44999

Published · Modified

Description

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: < 2026.4.20
  • Patched version: 2026.4.20

Impact

Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted System: event instead of an untrusted system event.

This is a trust-labeling issue that can strengthen prompt-injection impact, but it does not directly bypass gateway auth, tool policy, or sandboxing. Severity is low.

Fix

OpenClaw now preserves untrusted labels for isolated cron awareness events and forwards the trust flag through cron delivery helpers.

Fix commit:

  • f61896b03cc7031f51106a04566831f4ac2a0bd7

Release

Fixed in OpenClaw 2026.4.20.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes