Product
OpenClaw versions before 2026.4.10 are vulnerable to privilege escalation due to improper handling of background async exec completion events, potentially allowing attackers to execute code with elevated privileges by providing untrusted completion content.