OpenClaw CVE-2026-41382

EUVD-2026-26091 LOW

Missing Authorization (CWE-862)

2026-04-28 VulnCheck

2.3

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 28, 2026 - 20:07 vuln.today

Severity Changed

Apr 28, 2026 - 19:52 NVD

MEDIUM LOW

CVSS changed

Apr 28, 2026 - 19:52 NVD

5.4 (MEDIUM) 2.3 (LOW)

DescriptionNVD

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to restricted voice channels.

AnalysisAI

OpenClaw before version 2026.3.31 allows authenticated attackers to bypass authorization controls on Discord voice channels through exploitation of stale-role validation gaps and improper channel name validation, enabling unauthorized access to restricted voice channels that should be protected by member and channel allowlists. The vulnerability requires valid Discord credentials but enables privilege escalation within voice channel access controls. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41382 vulnerability details – vuln.today

Back