CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-43583

OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 11.7%

CVSS Severity

CVSS v3 Score 5.3

References

https://github.com/openclaw/openclaw/commit/48aae82bbc19ba8b0741e61a08063eb0d1df464e
https://github.com/openclaw/openclaw/security/advisories/GHSA-r77c-2cmr-7p47
https://www.vulncheck.com/advisories/openclaw-loss-of-group-tool-policy-context-in-delivery-queue-recovery

Products affected by CVE-2026-43583

Openclaw » Openclaw » Version: 2026.4.10

cpe:2.3:a:openclaw:openclaw:2026.4.10
Openclaw » Openclaw » Version: 2026.4.11

cpe:2.3:a:openclaw:openclaw:2026.4.11
Openclaw » Openclaw » Version: 2026.4.12

cpe:2.3:a:openclaw:openclaw:2026.4.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-43583

Products

Pricing

Contact Us