Authenticated /hooks/wake and mapped wake payloads are promoted into the trusted System: prompt channel.
An authenticated wake hook or mapped wake payload could be promoted into the trusted System prompt channel instead of an untrusted event.
OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.
openclaw (npm)<= 2026.4.22026.4.8The issue was fixed on main and is available in the patched npm version listed above. The verified fixed tree is commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5.
The fix was re-checked against main before publication, including targeted regression tests for the affected security boundary.
Thanks @tdjackey for reporting.
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 8.5 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-jf56-mccx-5f3f ↗ |
| CWE id | Name |
|---|---|
| CWE-501 | Trust Boundary Violation |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | <= 2026.4.2 | 2026.4.8 | — |