CVE-2026-43535— OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-43535
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a more privileged sender's context, causing earlier messages to execute with elevated permissions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权授予不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.4.14之前版本存在安全漏洞,该漏洞源于收集模式队列批次中授权环境重用,允许来自不同发送者的消息继承最终发送者的授权环境,可能导致攻击者通过发送多个排队消息利用更高权限发送者的环境耗尽批次,使早期消息以提升权限执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-43535
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-43535
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-05-05 · 26 CVEs total
| CVE-2026-43566 | 9.1 CRITICAL | OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events |
| CVE-2026-43534 | 9.1 CRITICAL | OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events |
| CVE-2026-43571 | 8.8 HIGH | OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup |
| CVE-2026-42434 | 8.8 HIGH | OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing |
| CVE-2026-42435 | 8.8 HIGH | OpenClaw 2026.2.22 < 2026.4.12 - Shell-Wrapper Detection Bypass via Environment Variable A |
| CVE-2026-43569 | 8.8 HIGH | OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Aut |
| CVE-2026-43530 | 8.8 HIGH | OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox App |
| CVE-2026-43533 | 8.6 HIGH | OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags |
| CVE-2026-42439 | 8.5 HIGH | OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes |
| CVE-2026-43526 | 8.2 HIGH | OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling |
| CVE-2026-43527 | 7.7 HIGH | OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation |
| CVE-2026-42438 | 7.7 HIGH | OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads |
| CVE-2026-43532 | 7.7 HIGH | OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover |
| CVE-2026-42436 | 7.7 HIGH | OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot |
| CVE-2026-43573 | 7.7 HIGH | OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes |
| CVE-2026-42437 | 7.5 HIGH | OpenClaw 2026.4.9 < 2026.4.10 - Denial of Service via Oversized WebSocket Frames in Voice- |
| CVE-2026-43531 | 7.3 HIGH | OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File |
| CVE-2026-43528 | 6.5 MEDIUM | OpenClaw < 2026.4.14 - Redaction Bypass via sourceConfig and runtimeConfig Aliases |
| CVE-2026-43574 | 6.5 MEDIUM | OpenClaw < 2026.4.12 - Improper Authorization via Empty Approver Lists |
| CVE-2026-43567 | 6.5 MEDIUM | OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter |
Showing top 20 of 26 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-266
- CVE-2026-8148
NAVER MYBOX Explorer for Windows 安全漏洞 - CVE-2026-43510
CISA manage.get.gov insecure portfolio administrative privil - CVE-2026-42368
GeoVision LPC2011/LPC2211 Web Interface privilege escalation - CVE-2026-22337
WordPress Directorist Social Login plugin < 2.1.4 - Privileg - CVE-2026-33519
Incorrect privilege assignment in Portal for ArcGIS
V. Comments for CVE-2026-43535
No comments yet