OpenClaw CVE-2026-41381

EUVD-2026-26090 LOW

Incorrect Authorization (CWE-863)

2026-04-28 VulnCheck

2.3

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 28, 2026 - 20:07 vuln.today

Severity Changed

Apr 28, 2026 - 19:52 NVD

MEDIUM LOW

CVSS changed

Apr 28, 2026 - 19:52 NVD

5.4 (MEDIUM) 2.3 (LOW)

DescriptionNVD

OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is performed, gaining unauthorized access to restricted voice channels.

AnalysisAI

OpenClaw before version 2026.3.31 contains an access control bypass in its Discord voice manager that allows authenticated attackers to send voice ingress requests before channel allowlist authorization checks are enforced, gaining unauthorized access to restricted voice channels. The vulnerability exploits a race condition or authorization sequencing flaw in the voice channel access control mechanism, affecting deployments with member-level access restrictions.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41381 vulnerability details – vuln.today

Back