Unverified Ownership in OpenClaw - CVE-2026-27486

 

Published: May 4, 2026


Vulnerability identifier: #VU129431
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-27486
CWE-ID: CWE-283
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a local user to terminate unrelated processes.

The vulnerability exists because the CLI process cleanup helpers do not verify process ownership when they enumerate system processes and match command-line patterns during cleanup. A local user can cause an unrelated process that matches the cleanup pattern to be sent SIGKILL and terminated.

On shared hosts, processes not owned by the current OpenClaw process may be affected if they match the cleanup pattern.
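The difference between pattern-only matching and an ownership-checked selection, as an added example that is not OpenClaw's code or the vendor's fix. The process names, PIDs and `ps` sample are constructed, and treating "owned" as "same UID and descended from the cleaning process" is an assumption made for illustration.

```python
import re

# Constructed sample of `ps -eo pid,ppid,uid,args` output (not from the advisory).
SAMPLE_PS = """\
  PID  PPID   UID COMMAND
  900     1  1000 /usr/bin/node cli.js gateway
  901   900  1000 /usr/bin/node helper-worker --session a
  902   901  1000 /usr/bin/node helper-worker --child
  950     1  1000 /usr/bin/node helper-worker --session b
  977     1  1001 /usr/bin/node helper-worker --session c
  980   900  1000 /bin/sh -c sleep 60
"""

def parse_ps(text):
    """Parse ps output into dicts; the header line is skipped."""
    procs = []
    for line in text.splitlines()[1:]:
        fields = line.split(None, 3)
        if len(fields) < 4 or not all(f.isdigit() for f in fields[:3]):
            continue  # tolerate blank or malformed rows
        pid, ppid, uid = map(int, fields[:3])
        procs.append({"pid": pid, "ppid": ppid, "uid": uid, "cmd": fields[3]})
    return procs

def select_by_pattern(procs, pattern):
    """Weak form: any process whose command line matches becomes a target."""
    rx = re.compile(pattern)
    return sorted(p["pid"] for p in procs if rx.search(p["cmd"]))

def is_descendant(pid, root_pid, parent_of):
    """Walk the ppid chain from pid; True if it reaches root_pid."""
    seen = set()
    while pid in parent_of and pid not in seen:
        seen.add(pid)
        pid = parent_of[pid]
        if pid == root_pid:
            return True
    return False

def select_owned(procs, pattern, self_pid, self_uid):
    """Checked form: match AND same uid AND descended from the cleaning process."""
    rx = re.compile(pattern)
    parent_of = {p["pid"]: p["ppid"] for p in procs}
    return sorted(
        p["pid"] for p in procs
        if rx.search(p["cmd"])
        and p["uid"] == self_uid
        and is_descendant(p["pid"], self_pid, parent_of)
    )
```

With the sample table, the pattern-only selection also picks up PID 950 (same user, different session) and PID 977 (another user), while the checked selection returns only the descendants of PID 900. Filtering at enumeration time still leaves a window for PID reuse before the signal is delivered, so recording child PIDs at spawn time is the more robust design.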


How to mitigate CVE-2026-27486

Install the security update from the vendor's website.
