PT-2026-39686 · Openclaw · Openclaw

Keensecuritylab

·

Published

2026-05-04

·

Updated

2026-05-11

·

CVE-2026-44997

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22
Description A security envelope constraint bypass allows restricted subagents to spawn ACP child sessions that do not inherit depth, child-count limits, control scope, or target-agent restrictions. This can be exploited to spawn child sessions that bypass subagent-only constraints, potentially leading to privilege escalation or unauthorized access to restricted resources.
Recommendations Update to version 2026.4.22.

Exploit

Fix

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44997
GHSA-Q3JJ-46PQ-826R
GHSA-W626-296M-8F85

Affected Products

Openclaw