Skip to main content

OpenClaw EUVDEUVD-2026-26100

| CVE-2026-41392 MEDIUM
Incomplete List of Disallowed Inputs (CWE-184)
2026-04-28 VulnCheck
5.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

6
Analysis Generated
Apr 28, 2026 - 20:07 vuln.today
CVSS changed
Apr 28, 2026 - 19:52 NVD
6.7 (MEDIUM) 5.4 (MEDIUM)
EUVD ID Assigned
Apr 28, 2026 - 19:30 euvd
EUVD-2026-26100
Analysis Generated
Apr 28, 2026 - 19:30 vuln.today
Patch released
Apr 28, 2026 - 19:30 nvd
Patch available
CVE Published
Apr 28, 2026 - 18:09 nvd
MEDIUM 5.4

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.3.31.

DescriptionCVE.org

OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while bypassing exec allowlist matching restrictions.

AnalysisAI

OpenClaw before version 2026.3.31 allows local authenticated users with user interaction to bypass exec allowlist restrictions via shell initialization file options (--rcfile, --init-file, --startup-file), enabling them to load attacker-controlled initialization files and achieve high-impact unauthorized access to confined resources. Exploitation requires local access, low privileges, user interaction, and specific timing conditions, but bypasses a critical security control intended to restrict executable trust.

Technical ContextAI

OpenClaw implements an allowlist-based execution control mechanism to restrict which binaries and resources can be executed within its confined environment. The vulnerability exploits CWE-184 (Incomplete List of Disallowed Inputs), a logic bypass where shell invocation options commonly used for initialization file loading are not properly filtered or validated by the allowlist matching logic. Attackers can chain shell options like --rcfile (bash), --init-file (bash), or --startup-file (zsh) to specify alternate initialization files, which are then sourced with the trust level inherited from the allowlisted shell binary itself, circumventing per-file allowlist checks. The CPE cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:* indicates all versions before 2026.3.31 are affected.

RemediationAI

Upgrade OpenClaw to version 2026.3.31 or later, which patches the allowlist bypass by properly validating and filtering shell initialization file options before exec invocation. The upstream fix is available in commit 0c8375424620e12777ef24c162eedc7e9fcfd7e3 (https://github.com/openclaw/openclaw/commit/0c8375424620e12777ef24c162eedc7e9fcfd7e3). If immediate upgrade is not possible, implement compensating controls: restrict shell invocation within OpenClaw confinement boundaries to setups that do not expose shell options (e.g., use shell in non-interactive mode or via wrapper scripts that strip user-supplied flags), or disable shell-based initialization file loading entirely if not required for legitimate workflows. Be aware that disabling shell initialization may break legitimate scripts that depend on these features, requiring workflow testing before deployment.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-26100 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy