OpenClaw CVE-2026-41376

EUVD-2026-26085 LOW

Origin Validation Error (CWE-346)

2026-04-28 VulnCheck

2.3

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Apr 28, 2026 - 20:06 vuln.today

Severity Changed

Apr 28, 2026 - 19:52 NVD

MEDIUM LOW

CVSS changed

Apr 28, 2026 - 19:52 NVD

5.4 (MEDIUM) 2.3 (LOW)

DescriptionNVD

OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls.

AnalysisAI

OpenClaw before version 2026.3.31 fails to properly validate message senders in Matrix thread root and reply context handling, allowing remote unauthenticated attackers to bypass sender allowlists and access filtered messages. The vulnerability requires user interaction and has low attack complexity, but impact is limited to information disclosure of message context that should have been restricted by access controls.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41376 vulnerability details – vuln.today

Back