CVSS 8.8 · HIGH

CVE-2026-41352

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation.

View on NVD

Analysis

OpenClaw is a niche project that is not widely recognized as part of the standard web or mobile development stack. Although the vulnerability allows remote code execution through an authentication bypass, the software's limited adoption among the community does not justify an alert.

Severity

Score: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-862

EPSS

Exploitation probability (next 30 days): 0.0035 (0.4%)
Percentile: 57.7%
EPSS score date: 2026-05-06

Affects

openclaw:openclaw

Published: 23/4/2026, 22:16:42
Last modified: 28/4/2026, 18:54:57
