CVE-2026-41300
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenClaw | OpenClaw | 0 < 2026.3.31 | affected |
| OpenClaw | OpenClaw | 2026.3.31 | unaffected |
Weaknesses
- CWE-372: CWE-372: Incomplete Internal State Distinction
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwv
- https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060
- https://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.