Skip to main content

OpenClaw CVE-2026-41394

| EUVDEUVD-2026-26102 HIGH
Missing Authorization (CWE-862)
2026-04-28 VulnCheck
8.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 28, 2026 - 20:23 vuln.today
cvss_changed
Analysis Generated
Apr 28, 2026 - 20:04 vuln.today
CVSS changed
Apr 28, 2026 - 19:52 NVD
8.2 (HIGH) 8.8 (HIGH)
EUVD ID Assigned
Apr 28, 2026 - 19:30 euvd
EUVD-2026-26102
Analysis Generated
Apr 28, 2026 - 19:30 vuln.today
Patch released
Apr 28, 2026 - 19:30 nvd
Patch available
CVE Published
Apr 28, 2026 - 18:09 nvd
HIGH 8.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.3.31.

DescriptionCVE.org

OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized operators.

AnalysisAI

Authentication bypass in OpenClaw allows remote unauthenticated attackers to execute privileged runtime operations intended for authorized operators. The vulnerability exists in plugin-auth HTTP routes that incorrectly grant operator-level write scopes without authentication checks. Attackers can remotely exploit this flaw with low complexity (CVSS:4.0 AV:N/AC:L/PR:N) to modify runtime configurations and perform administrative actions. Vendor-released patch available as of commit 2a1db0c (March 31, 2026). No active exploitation confirmed in CISA KEV, though EPSS data unavailable for risk calibration.

Technical ContextAI

OpenClaw is an application platform with a plugin architecture that uses HTTP-based authentication routes for operator access control. The vulnerability stems from CWE-862 (Missing Authorization), where certain plugin-auth endpoints fail to enforce authentication requirements before granting elevated runtime scopes. In privilege management systems, scopes define the boundaries of what authenticated sessions can access-here, operator write scopes control runtime modifications and administrative operations. The affected CPE (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*) indicates all versions prior to the 2026.3.31 release are vulnerable. The CVSS 4.0 vector shows network-accessible exploitation (AV:N) with low attack complexity (AT:N) requiring no privileges (PR:N) or user interaction (UI:N), yielding high integrity impact (VI:H) to the vulnerable system while limiting confidentiality impact (VC:L) and causing no availability disruption (VA:N).

RemediationAI

Upgrade to OpenClaw version 2026.3.31 or later, which contains the authentication enforcement fix implemented in commit 2a1db0c0f1fa375004a95ba0ef030534790a6d47 (https://github.com/openclaw/openclaw/commit/2a1db0c0f1fa375004a95ba0ef030534790a6d47). Review the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-mhgq-xpfq-6r66 for vendor-specific upgrade guidance. For environments unable to immediately patch, implement network-based access controls to restrict plugin-auth route access to trusted IP ranges or internal networks only-configure reverse proxy or firewall rules to block external access to paths matching /plugin-auth/* or equivalent endpoints (verify exact paths in OpenClaw documentation). Note this workaround reduces attack surface but does not eliminate risk from internal threats or compromised trusted networks. Additionally, audit existing runtime configurations for unauthorized modifications made prior to patching, as attackers may have already leveraged the bypass to inject persistent malicious settings. Compensating controls carry the trade-off of limiting legitimate remote operator access, requiring VPN or bastion host connectivity for authorized administrators.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-41394 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy