{"vulnerability": "CVE-2026-4499", "sightings": [{"uuid": "20f9d412-3000-4559-9876-8cf70d9c5b6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44998", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllwhcxklc2i", "content": "CVE-2026-44998 - OpenClaw\nCVE ID : CVE-2026-44998\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attac...", "creation_timestamp": "2026-05-11T18:42:08.727924Z"}, {"uuid": "b60e9e5a-7d0a-47da-b9d8-42986f82f171", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4499", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4499", "content": "", "creation_timestamp": "2026-03-20T19:16:50.000000Z"}, {"uuid": "86953c5d-3f7e-49a4-9a8f-4dbd4bad2d93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44999", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllwqcnucd2p", "content": "CVE-2026-44999 - OpenClaw\nCVE ID : CVE-2026-44999\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to ...", "creation_timestamp": "2026-05-11T18:47:10.508516Z"}, {"uuid": "5ac95823-3d0e-4748-b34f-2fca4cac803a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44997", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllx36epxz2r", "content": "CVE-2026-44997 - OpenClaw\nCVE ID : CVE-2026-44997\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail...", "creation_timestamp": "2026-05-11T18:53:15.040004Z"}, {"uuid": "a4ba905f-3f34-47dd-a7f9-bca4bbe9c4d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44997", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllx36epxz2r", "content": "CVE-2026-44997 - OpenClaw\nCVE ID : CVE-2026-44997\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail...", "creation_timestamp": "2026-05-11T18:53:15.038255Z"}, {"uuid": "8e185ab8-426e-4637-b252-926163fd6e2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44996", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllxu2s6ga2c", "content": "CVE-2026-44996 - OpenClaw\nCVE ID : CVE-2026-44996\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root c...", "creation_timestamp": "2026-05-11T19:07:10.051189Z"}, {"uuid": "320dcaef-b0d2-48ba-bfb9-8e20fc6e3ff4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44996", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mllxu2s6ga2c", "content": "CVE-2026-44996 - OpenClaw\nCVE ID : CVE-2026-44996\n \n Published : May 11, 2026, 6:16 p.m. | 14\u00a0minutes ago\n \n Description : OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root c...", "creation_timestamp": "2026-05-11T19:07:10.049096Z"}, {"uuid": "345852e8-6888-4a05-8791-e1df187b1463", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44990", "type": "published-proof-of-concept", "source": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643", "content": "", "creation_timestamp": "2026-05-13T19:28:52.000000Z"}]}