cybr.cx Daily Digest — May 06, 2026

Critical Vulnerabilities

CVE-2026-43569 | OpenClaw | CVSS 8.8
OpenClaw before 2026.4.9 has an authentication bypass flaw that allows untrusted workspace plugins to be silently auto-enabled during non-interactive onboarding. If your pipeline uses OpenClaw for agent orchestration, a malicious plugin could be injected and activated without any explicit user approval — patch immediately or audit your onboarding flows.

CVE-2026-43571 | OpenClaw | CVSS 8.8
A related plugin trust bypass in OpenClaw before 2026.4.10 lets workspace plugin shadows resolve ahead of legitimate bundled channel plugins at setup time. The practical risk: a crafted workspace plugin can subvert the intended trust hierarchy before security controls even initialise. Update to 2026.4.10 or later.

CVE-2026-42434 / CVE-2026-42435 / CVE-2026-43530 | OpenClaw | CVSS 8.8 (each)
Three further OpenClaw vulnerabilities round out a rough patch for the platform. CVE-2026-42434 allows sandboxed agents to escape confinement by specifying host=node to reroute execution. CVE-2026-42435 permits environment variable injection at the argv level — including dangerous variables like SHELLOPTS and PS4 — bypassing exec preflight checks. CVE-2026-43530 lets attackers obscure which applet actually runs inside busybox/toybox multi-call binaries, weakening exec approval and risk classification. All three are fixed in 2026.4.12. If you're running OpenClaw in any agentic or multi-tenant context, treat this cluster as a single critical remediation event.

CVE-2026-6261 | Betheme WordPress Theme (≤ 28.4) | CVSS 8.8
The popular Betheme WordPress theme allows authenticated users with author-level access to upload arbitrary files via a ZIP extraction flaw in the upload_icons() function. Extracted files are dumped into a public uploads directory with no type validation — a straightforward path to webshell deployment. Any WordPress install running Betheme ≤ 28.4 with untrusted contributor or author accounts is at material risk. Update to 28.5 or higher.

CVE-2023-54345 | ERPNext (Frappe Framework) 13.4.0 | CVSS 8.8
An authenticated user with the System Manager role can escape RestrictedPython's sandbox in ERPNext 13.4.0 by exploiting frame introspection via the gi_frame attribute — ultimately calling os.popen to run arbitrary system commands through the /app/server-script endpoint. The blast radius here is significant: full OS command execution from within what should be a sandboxed scripting environment.

CVE-2023-54348 | ERPGo SaaS 3.9 | CVSS 8.8
Classic CSV injection in ERPGo SaaS 3.9 allows authenticated attackers to embed formula payloads (e.g., =cmd|' /C calc'!A0) in vendor name fields. The payload executes when a finance or procurement team member opens the exported file in Excel or similar. The risk scales with how freely vendor creation is delegated — audit who can add vendor records.

Headline News

DigiCert Breached via Malicious Screensaver File

A confirmed intrusion at DigiCert — one of the world's most trusted certificate authorities — has sent a jolt through the PKI community. The initial access vector was a malicious screensaver file, a social engineering technique that feels almost archaic but clearly still lands. The breach had direct implications for code-signing certificates, raising legitimate concern about the integrity of software signed during any window of attacker access. For practitioners, the incident is a sobering reminder that even organisations whose entire business model is cryptographic trust are vulnerable to mundane endpoint compromise. If your organisation relies on DigiCert-issued code-signing certificates, now is the time to review issuance timelines against the known intrusion window and consider certificate revocation and reissuance where appropriate.

Microsoft Edge Leaks Passwords as Plaintext in Memory

Researchers have documented that Microsoft Edge, under certain conditions, leaves user passwords exposed in process memory as plaintext — readable by any process or tool with sufficient access to the browser's memory space. This is a meaningful finding in environments where endpoint detection is monitoring for credential dumping, since the passwords require no additional decryption step once memory access is obtained. The impact is particularly acute in shared or kiosk environments, or on endpoints already compromised by an attacker with local access. Microsoft has not yet publicly confirmed a patch timeline. Defenders should consider whether Edge's built-in password manager is appropriate for high-risk user populations, and ensure endpoint controls limiting cross-process memory reads are in place.

Amazon SES Weaponised for Phishing at Scale

Threat actors have been systematically abusing Amazon Simple Email Service to send phishing campaigns that cleanly evade reputation-based filtering and standard email security controls. Because emails originate from Amazon's own infrastructure, they inherit the deliverability and trust reputation of a major cloud provider — rendering blocklists and basic sender-reputation checks largely useless. The campaigns are reportedly convincing enough to bypass enterprise-grade email gateways that would otherwise catch more conventional phishing infrastructure. This represents a structural problem, not a one-off incident: as attackers increasingly pivot to legitimate cloud services as their delivery layer, detection must shift toward content and behaviour analysis rather than sender reputation. Security teams should review inbound filtering rules for over-reliance on domain or IP reputation, and consider whether DMARC alignment checks alone are sufficient given legitimately-sourced malicious mail.

Schrödinger's Feed

A collaborative team from Cleveland Clinic, RIKEN, and IBM has successfully simulated a 12,635-atom protein-ligand complex — modelling proteins T4-Lysozyme and Trypsin in liquid water — representing a genuine leap in what quantum-centric supercomputing can handle at scale. It's not a cryptographic story, but it quietly signals that the hardware and algorithmic scaffolding underpinning quantum's theoretical promises are maturing faster than many cryptography planners had assumed. Meanwhile, a separate report highlights exotic quantum states created by manipulating magnetic fields over time — potentially offering more stable qubit behaviour, which is one of the persistent engineering barriers to fault-tolerant quantum systems. Practitioners should keep an eye on this trajectory: the timeline to cryptographically-relevant quantum computation remains debated, but the engineering gaps are visibly closing, making post-quantum cryptography migration planning increasingly urgent rather than merely prudent.

/dev/random

A blog post circulating this week proposes the "Three Inverse Laws of AI" as a cheerful inversion of Asimov's robotics classics — the gist being that modern AI systems reliably do the opposite of what the original laws intended, which will surprise nobody who has spent time arguing with a code assistant that confidently deletes the wrong file. It's a short read and genuinely funny, in the way that only things that are also slightly true can be. Worth five minutes, especially if you've recently watched an autonomous agent helpfully escape its sandbox — see also: today's CVE section.