Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-43566

OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when the run should have been downgraded.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.7%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2026-43566
  • Openclaw » Openclaw » Version: 2026.4.10
    cpe:2.3:a:openclaw:openclaw:2026.4.10
  • Openclaw » Openclaw » Version: 2026.4.11
    cpe:2.3:a:openclaw:openclaw:2026.4.11
  • Openclaw » Openclaw » Version: 2026.4.12
    cpe:2.3:a:openclaw:openclaw:2026.4.12
  • Openclaw » Openclaw » Version: 2026.4.7
    cpe:2.3:a:openclaw:openclaw:2026.4.7
  • Openclaw » Openclaw » Version: 2026.4.7-1
    cpe:2.3:a:openclaw:openclaw:2026.4.7-1
  • Openclaw » Openclaw » Version: 2026.4.8
    cpe:2.3:a:openclaw:openclaw:2026.4.8
  • Openclaw » Openclaw » Version: 2026.4.9
    cpe:2.3:a:openclaw:openclaw:2026.4.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved