CVE-2026-44993 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
VulnCheck	CNA	5.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
openclaw	openclaw	𝑥 < 2026.4.20	CNA

Common Weakness Enumeration

CWE-184 - Incomplete List of Disallowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.

Vulnerability Media Exposure

[GERMAN] OpenClaw: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in OpenClaw ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen, möglicherweise Sicherheitsmaßnahmen zu umgehen und Daten zu manipulieren oder offenzulegen.
Published: 2026-04-21T22:00:00+00:00

References

https://github.com/openclaw/openclaw/commit/90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166

https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx

https://www.vulncheck.com/advisories/openclaw-direct-message-misclassification-in-feishu-card-actions