Four Critical OpenClaw CVEs Dropped May 5 — Update to v2026.4.12 Now
If you’re running OpenClaw and haven’t updated recently, stop what you’re doing and check your version. On May 5, 2026, four separate high-severity CVEs targeting OpenClaw were publicly disclosed — all affecting versions prior to v2026.4.12. This is a coordinated disclosure event with real attack surface. Here’s what dropped, what it means for your deployment, and what you need to do. The Four CVEs at a Glance CVE-2026-43530 — Weakened Exec Approval Binding (CVSS 8.8) This is the one confirmed in detail via TheHackerWire. OpenClaw versions from 2026.2.23 through pre-2026.4.12 contain a flaw in how the platform binds execution approval to busybox and toybox applet invocations. The vulnerability allows an attacker to obscure which applet will actually run, effectively bypassing OpenClaw’s exec approval mechanism. The risk classification of unsafe applet invocations is degraded — meaning risky commands can slip through approval gates disguised as something benign. ...