Skip to main content
Loading…
    CVE-2026-44118 — OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-g — CVE Database · The Intelligence Room