Summary
The OpenClaw 2026.4 audit log records tool calls but did not include the full prompt context that triggered them. A prompt-injection attack could not be reconstructed from logs alone, making forensic analysis significantly harder. Improvement scheduled but not yet shipped.
Details
| CVE ID | CVE-2026-22807 |
| Severity | medium (5) |
| CVSS vector | AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N |
| Published | 2026-04-18 |
| Patched | not yet |
| Affected versions | 2026.4.0 – current |
| Fixed in | Pending (planned 2026.5) |
| Exploited in the wild | no known exploitation |
Affected projects
What to do
- If you run an affected version: upgrade to
Pending (planned 2026.5)immediately. Do not delay this for convenience reasons. - Rotate any credentials that may have been exposed via the affected component.
- Audit your logs for indicators of exploitation — unexpected outbound traffic, anomalous tool calls, unfamiliar authenticated sessions.
- If exploitation is confirmed, treat the host as compromised: rebuild from a clean image, rotate every secret on the host, audit lateral movement.
Sources
- NIST NVD: CVE-2026-22807 on NVD
See also: all CVEs, tracked agents, methodology.