{"vulnerability": "cve-2026-4353", "sightings": [{"uuid": "5aac97cb-2cd1-4dc1-8d09-24840137eca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43530", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4qjgobuf2t", "content": "\ud83d\udfe0 CVE-2026-43530 - High (8.8)\n\nOpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerabili...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-43530/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-05T17:46:02.693261Z"}, {"uuid": "b97ec37e-6ac3-4634-ba6f-117440d329dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43532", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml4cpifruj2k", "content": "CVE-2026-43532 - OpenClaw 2026.4.7\nCVE ID : CVE-2026-43532\n \n Published : 5. Mai 2026 11:25 | 56\u00a0Minuten ago\n \n Description : OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass me...", "creation_timestamp": "2026-05-05T13:38:51.931721Z"}, {"uuid": "328495bf-13e5-4819-8faf-c2b5a82d0e80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43535", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml4cyguagu2q", "content": "CVE-2026-43535 - OpenClaw\nCVE ID : CVE-2026-43535\n \n Published : 5. Mai 2026 11:25 | 56\u00a0Minuten ago\n \n Description : OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inh...", "creation_timestamp": "2026-05-05T13:43:52.441909Z"}, {"uuid": "eb6b7617-100c-4bf8-a448-fedc6479a728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43530", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml4dkdqqod2k", "content": "CVE-2026-43530 - OpenClaw 2026.2.23\nCVE ID : CVE-2026-43530\n \n Published : 5. Mai 2026 11:25 | 56\u00a0Minuten ago\n \n Description : OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows...", "creation_timestamp": "2026-05-05T13:53:53.276508Z"}, {"uuid": "eec69825-5af2-44a8-8cfa-850c435b23c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43533", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml47mvcgti2h", "content": "CVE-2026-43533 - OpenClaw\nCVE ID : CVE-2026-43533\n \n Published : 5. Mai 2026 11:25 | 56\u00a0Minuten ago\n \n Description : OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the inte...", "creation_timestamp": "2026-05-05T12:43:43.841564Z"}, {"uuid": "e2fc7d2f-036b-4dd4-b26e-91447c42ea13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43531", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml4admiy662r", "content": "CVE-2026-43531 - OpenClaw\nCVE ID : CVE-2026-43531\n \n Published : 5. Mai 2026 11:25 | 56\u00a0Minuten ago\n \n Description : OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Atta...", "creation_timestamp": "2026-05-05T12:56:26.729615Z"}, {"uuid": "2b7b51ab-327f-401a-af92-349c433f87de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43534", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml4axy3e6a2n", "content": "CVE-2026-43534 - OpenClaw\nCVE ID : CVE-2026-43534\n \n Published : 5. Mai 2026 11:25 | 56\u00a0Minuten ago\n \n Description : OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can s...", "creation_timestamp": "2026-05-05T13:07:49.265302Z"}, {"uuid": "6f88b441-06c5-40fd-a1a0-cb275b828d4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43532", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4qjnig672w", "content": "\ud83d\udfe0 CVE-2026-43532 - High (7.7)\n\nOpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameter...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-43532/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-05T17:46:10.169859Z"}, {"uuid": "b36ab977-3066-41ed-a9f6-83ddca3e2a52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43533", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4qjwkr3s2n", "content": "\ud83d\udfe0 CVE-2026-43533 - High (8.6)\n\nOpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-43533/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-05T17:46:18.250134Z"}, {"uuid": "6703baae-b526-4b91-b852-356ae3dbe45b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43534", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4rcaoglm2z", "content": "\ud83d\udd34 CVE-2026-43534 - Critical (9.1)\n\nOpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook me...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-43534/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-05T17:59:54.704307Z"}, {"uuid": "a7dc589c-41df-4f7f-bb7a-9c665d4d6660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43533", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116524853085648062", "content": "Some increased actor activities are shown targeting OpenClaw (CVE-2026-43533) https://vuldb.com/vuln/361164/cti", "creation_timestamp": "2026-05-06T00:42:46.913466Z"}, {"uuid": "cd998a6b-cbec-48f2-905d-b23c3a7a05ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43533", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlb6jbpuyi25", "content": "\ud83d\udccc CVE-2026-43533 - OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outsid... https://www.cyberhub.blog/cves/CVE-2026-43533", "creation_timestamp": "2026-05-07T12:07:07.239145Z"}]}