CVE-2026-43530 HIGH

CVE-2026-43530: OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution

Vendor Openclaw

Product OpenClaw

Weakness CWE-863 · Incorrect authorization

Published May 5, 2026

Last update May 5, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken risk classification of unsafe applet invocations.

Key dates

02Disclosure timeline

May 5, 2026 CVE published

May 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-43530 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2025-41436 Unauthorized access to archived channel content via threads interface CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries CVE-2026-39381 Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields` CVE-2026-32918 OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool CVE-2025-46702 Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management