GHSA-57r2-h2wj-g887

Source

https://github.com/advisories/GHSA-57r2-h2wj-g887

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-57r2-h2wj-g887/GHSA-57r2-h2wj-g887.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-57r2-h2wj-g887

Aliases

CVE-2026-44999

Downstream

MINI-56fj-m9cj-375x

Published

2026-04-25T23:47:31Z

Modified

2026-05-19T16:00:13.179824301Z

Severity

1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

OpenClaw: Isolated cron awareness events were recorded as trusted system events

Details

Affected Packages / Versions

Package: openclaw (npm)
Affected versions: < 2026.4.20
Patched version: 2026.4.20

Impact

Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted System: event instead of an untrusted system event.

This is a trust-labeling issue that can strengthen prompt-injection impact, but it does not directly bypass gateway auth, tool policy, or sandboxing. Severity is low.

Fix

OpenClaw now preserves untrusted labels for isolated cron awareness events and forwards the trust flag through cron delivery helpers.

Fix commit:

f61896b03cc7031f51106a04566831f4ac2a0bd7

Release

Fixed in OpenClaw 2026.4.20.

Database specific

{
    "github_reviewed": true,
    "severity": "LOW",
    "github_reviewed_at": "2026-04-25T23:47:31Z",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-345"
    ]
}

References

Affected packages

npm / openclaw

Package

Name: openclaw; View open source insights on deps.dev
Purl: pkg:npm/openclaw

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2026.4.20

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-57r2-h2wj-g887/GHSA-57r2-h2wj-g887.json"