PT-2026-39686 · Openclaw · Openclaw
Keensecuritylab
·
Published
2026-05-04
·
Updated
2026-05-11
·
CVE-2026-44997
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.4.22
Description
A security envelope constraint bypass allows restricted subagents to spawn ACP child sessions that do not inherit depth, child-count limits, control scope, or target-agent restrictions. This can be exploited to spawn child sessions that bypass subagent-only constraints, potentially leading to privilege escalation or unauthorized access to restricted resources.
Recommendations
Update to version 2026.4.22.
Exploit
Fix
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openclaw