OpenClaw
CVE-2026-41367
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement.
AnalysisAI
OpenClaw versions 2026.2.14 through 2026.3.24 fail to enforce guild and channel policy gates on Discord button and component interactions, allowing authenticated users to trigger privileged component actions from contexts where those actions should be blocked. The vulnerability bypasses channel policy enforcement via policy gate inconsistency, enabling privilege escalation within Discord servers where OpenClaw is deployed.
Technical ContextAI
OpenClaw is a Discord bot framework or application that implements guild and channel policy enforcement mechanisms to control which users can execute specific bot actions in specific Discord contexts. Discord component interactions (buttons, select menus, modals) are handled separately from traditional command message routing in the Discord API. The vulnerability exists in the component interaction handler, which fails to consistently apply the same policy gate checks that are enforced for other command types. CWE-863 (Incorrect Authorization) indicates the root cause is a logic flaw where authorization rules are either incompletely applied, bypassed under certain conditions, or not re-checked at the point of action execution. The affected versions suggest this is a regression or incomplete implementation introduced between version 2026.2.14 and remaining unpatched through 2026.3.24.
RemediationAI
Upgrade to OpenClaw version 2026.3.25 or later to receive the patched policy gate enforcement. The fix ensures that guild and channel policy checks are consistently applied to Discord component interactions (buttons, select menus, modals) at interaction processing time. Immediate workaround pending upgrade: Disable or restrict access to Discord components within affected OpenClaw bots by removing button/component handlers from sensitive bot commands, reverting to text-command-only enforcement in channels where policy gate bypass poses operational risk. This workaround trades bot functionality for security and should be temporary. Review server role assignments and audit logs in Discord to identify any unauthorized privileged actions executed via components during the exposure window. Detailed patch and deployment instructions are available in the GitHub security advisory (https://github.com/openclaw/openclaw/security/advisories/GHSA-jp4j-q5fc-58gv).
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today