Is OpenClaw affected by CVE-2026-41295?

OpenClaw versions prior to 2026.4.2 contain a critical remote code execution vulnerability in workspace channel initialization that allows attackers to execute arbitrary code by convincing users to open malicious cloned workspaces, potentially compromising developer environments and supply chain…

OpenClaw CVE-2026-41295

HIGH

Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

2026-04-21 [email protected]

RCE

8.5

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 16:22 vuln.today

cvss_changed

Analysis Generated

Apr 21, 2026 - 00:38 vuln.today

DescriptionNVD

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code execution before the plugin is explicitly trusted.

AnalysisAI

Malicious workspace plugins in OpenClaw versions before 2026.4.2 achieve arbitrary code execution by shadowing built-in channel IDs during workspace clone and setup operations. The vulnerability exploits a trust boundary flaw (CWE-829) where untrusted plugins execute before explicit user trust confirmation, requiring only that a victim clone a poisoned workspace repository. …

RemediationAI

Within 24 hours: Identify all OpenClaw installations and verify versions currently deployed; notify users not to open untrusted or cloned workspaces pending remediation. Within 7 days: Apply vendor patch by updating to OpenClaw 2026.4.2 or later, or manually apply GitHub commit 53c29df if immediate upgrade is not feasible; test patched version in non-production environment first. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41295 vulnerability details – vuln.today

Back

OpenClaw CVE-2026-41295

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

OpenClaw CVE-2026-41295

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code