Skip to content
CVSS 7.3 · HIGH

CVE-2026-41355

OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks.

Ver en NVD

Análisis

OpenClaw OpenShell versions prior to 2026.3.28 contain a vulnerability that allows arbitrary code execution on the host machine. By exploiting workspace hooks in mirror mode, an attacker can execute code during the gateway startup process, potentially compromising the development environment.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: LOW
UI: REQUIRED
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-829

EPSS

Probabilidad de explotación (próx. 30 días): 0.0001 (0.0%)
Percentil: 1.8%
EPSS: 2026-05-06

Afecta

openclaw:openclaw

Descripción técnica

OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks.

Publicada: 23/4/2026, 22:16:42
Última modificación: 1/5/2026, 20:23:43

Referencias

InicioEventosBlogRecursosEquipo