CVE-2026-43534

The flaw

Input validation vulnerability allows malicious hook metadata to escalate untrusted input into higher-trust agent context.

What to do

Update to OpenClaw 2026.4.10 or later

References

In the news

• OpenClaw is Cooked: 433 CVEs Patched by Agents That Can’t Fix What’s Brokenflyingpenguin.com · 2026-05-07