GHSA-57r2-h2wj-g887
OpenClaw: Isolated cron awareness events were recorded as trusted system events
Details
## Affected Packages / Versions
- Package: `openclaw` (npm) - Affected versions: `< 2026.4.20` - Patched version: `2026.4.20`
## Impact
Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without `trusted: false`. That made the event render as a trusted `System:` event instead of an untrusted system event.
This is a trust-labeling issue that can strengthen prompt-injection impact, but it does not directly bypass gateway auth, tool policy, or sandboxing. Severity is low.
## Fix
OpenClaw now preserves untrusted labels for isolated cron awareness events and forwards the trust flag through cron delivery helpers.
Fix commit:
- `f61896b03cc7031f51106a04566831f4ac2a0bd7`
## Release
Fixed in OpenClaw `2026.4.20`.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-44999 [ADVISORY]
- https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7 [WEB]
- https://github.com/openclaw/openclaw [PACKAGE]
- https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events [WEB]