High severity (7.8) · NVD Advisory · Published May 6, 2026 · Updated May 7, 2026
CVE-2026-44118
Description
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.4.22 | 2026.4.22 |
References
- github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19 · NVD: Patch
- github.com/advisories/GHSA-r6xh-pqhr-v4xh · GHSA: Advisory
- github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh · NVD: Mitigation, Vendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2026-44118 · GHSA: Advisory
- www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header · NVD: Third Party Advisory
News mentions
- Patched OpenClaw Flaw Let Hackers Hijack AI Agents · GovInfoSecurity · May 19, 2026
- 'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments · Dark Reading · May 18, 2026
- 'Claw Chain' OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery · SecurityWeek · May 18, 2026
- Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence · The Hacker News · May 15, 2026