CVSS 7.1 · HIGH

CVE-2026-41379

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voice configuration settings intended for administrators only.

View on NVD

Analysis

OpenClaw is a niche open-source engine recreation project, not a standard component of the MexicoDev professional stack. The vulnerability is a privilege escalation that requires the attacker to already possess operator-level write permissions, further narrowing the risk to specific internal configurations.

Severity

Score: 7.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: LOW
I: HIGH
A: NONE
Weakness type (CWE): CWE-863

EPSS

Probability of exploitation (next 30 days): 0.0002 (0.0%)
Percentile: 6.7%
EPSS date: 2026-05-06

Affects

openclaw:openclaw

Published: 28/4/2026, 19:37:40
Last modified: 1/5/2026, 15:51:25
