CVE-2026-43566 -- CVSS 9.1 Vulnerability Briefing
CVE-2026-43566 | CVSS 9.1 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-43566 is a privilege escalation vulnerability in Openclaw versions 2026.4.7 through 2026.4.13, affecting the platform's heartbeat owner downgrade logic and its handling of webhook wake events.
Technical Detail
The flaw lies in the heartbeat owner downgrade logic, which fails to validate or reject webhook wake events that carry untrusted content, effectively skipping a critical security check. An attacker who can deliver a crafted webhook wake event to an affected Openclaw instance can use this gap to escalate privileges, gaining elevated access to or control over resources beyond their authorized scope.
Exploitation Status
No known exploit exists for this vulnerability at this time. It is not listed in CISA's Known Exploited Vulnerabilities catalog, and there is no confirmed public proof-of-concept code or evidence of active exploitation in the wild. The risk posture may change as the vulnerability becomes more widely understood following disclosure.
Who Is Targeting This
No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this CVE as of May 12, 2026.
What To Do
Organizations running Openclaw should upgrade to version 2026.4.14 or later immediately, as this release contains the fix for the identified flaw. Given the critical CVSS score of 9.1, patching should be treated as high priority even in the absence of confirmed active exploitation. Until patching is complete, administrators should restrict external access to webhook endpoints where feasible and audit logs for anomalous privilege changes or unexpected webhook activity. Monitor Openclaw's official security advisories and the CISA KEV catalog for updates on exploitation status.
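The two interim actions above (confirm whether a deployment is in the affected range, then audit logs for webhook activity followed by privilege changes) can be scripted. The following is an added example written for this briefing, not code from the Openclaw project: the version bounds come from the advisory text, while the `ts key=value` log format, the event names `webhook.wake` and `heartbeat.owner_change`, the field names, the allowlist of trusted sources and the 60-second correlation window are all assumptions made for the example. The sample log lines are constructed.

```python
"""Constructed triage helpers for the CVE-2026-43566 advisory actions:
check whether an Openclaw version is in the affected range, and correlate
webhook wake events with privilege changes in an audit log.

The log format, event names and field names below are assumptions made for
this example; they are not Openclaw's real log schema.
"""
from datetime import datetime, timedelta

AFFECTED_FIRST = (2026, 4, 7)   # first affected version named in the advisory
AFFECTED_LAST = (2026, 4, 13)   # last affected version named in the advisory
FIXED = (2026, 4, 14)           # release that contains the fix


def parse_version(text: str) -> tuple:
    """Turn '2026.4.13' into (2026, 4, 13) so tuple comparison orders versions."""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_FIRST <= parse_version(version) <= AFFECTED_LAST


def parse_event(line: str) -> dict:
    """Parse one constructed 'ISO-timestamp key=value ...' line into a dict."""
    ts_text, *pairs = line.split()
    event = {"ts": datetime.fromisoformat(ts_text.replace("Z", "+00:00"))}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def triage(lines, trusted_sources, window=timedelta(seconds=60)):
    """Flag (1) webhook wake events from sources outside the allowlist and
    (2) privilege changes that land shortly after any webhook wake, which is
    the sequence the advisory describes.  Returns a list of findings."""
    events = sorted((parse_event(l) for l in lines if l.strip()),
                    key=lambda e: e["ts"])
    findings = []
    recent_wakes = []
    for ev in events:
        if ev.get("event") == "webhook.wake":           # assumed event name
            recent_wakes.append(ev)
            if ev.get("source") not in trusted_sources:
                findings.append({"rule": "untrusted-webhook-wake",
                                 "ts": ev["ts"], "source": ev.get("source")})
        elif ev.get("event") == "heartbeat.owner_change":  # assumed event name
            preceding = [w for w in recent_wakes if ev["ts"] - w["ts"] <= window]
            if preceding:
                untrusted = any(w.get("source") not in trusted_sources
                                for w in preceding)
                findings.append({"rule": "privilege-change-after-webhook-wake",
                                 "ts": ev["ts"], "subject": ev.get("subject"),
                                 "untrusted_wake": untrusted})
    return findings


# Constructed sample log: one wake from an allowlisted host, one from an
# external address immediately followed by an owner change, and one later
# owner change with no nearby wake.
SAMPLE_LOG = """\
2026-05-12T09:58:00Z event=webhook.wake source=10.0.0.8 subject=nightly-build
2026-05-12T10:00:01Z event=webhook.wake source=203.0.113.5 subject=ci-trigger
2026-05-12T10:00:03Z event=heartbeat.owner_change subject=ci-trigger role_from=worker role_to=owner
2026-05-12T10:20:00Z event=heartbeat.owner_change subject=alice role_from=worker role_to=owner
""".splitlines()
TRUSTED_SOURCES = {"10.0.0.8"}   # assumed allowlist of internal webhook callers

if __name__ == "__main__":
    for v in ("2026.4.6", "2026.4.7", "2026.4.13", "2026.4.14"):
        print(v, "affected" if is_affected(v) else "not affected")
    for finding in triage(SAMPLE_LOG, TRUSTED_SOURCES):
        print(finding)
```

On the sample data the script reports the wake from 203.0.113.5 as untrusted and the owner change two seconds later as a privilege change following an untrusted wake; the 10:20 owner change is left for ordinary review because no wake precedes it within the window. Adjust the allowlist and window to the deployment, and treat the correlation as a prompt to investigate rather than proof of exploitation.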