Cve 2026 44118
Cve 2026 44118 · · 15 min read
OpenClaw CVE-2026-44118: Loopback MCP Owner-Context Spoofing via Bearer-Token Header Manipulation — Cyber-Risk Implications for Underwriters, CISOs and Risk Managers
CVE-2026-44118 (CVSS 7.8) lets non-owner loopback MCP clients bypass owner-gated operations in OpenClaw before 2026.4.22 by spoofing the sender-owner header. Trust-boundary defect risk-signal for underwriters, CISOs and risk managers.