Skip to content
CVSS 7.3 · HIGH

CVE-2026-41380

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to establish broader allowlist entries than intended, weakening execution approval boundaries.

Ver en NVD

Análisis

OpenClaw is a niche tool, likely a specialized execution manager or game engine reimplementation, with minimal footprint in the standard MexicoDev web/backend stack. While the execution approval bypass is a high-severity logic flaw, the product's limited deployment scale does not warrant a broad community alert.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: LOW
UI: REQUIRED
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-807

EPSS

Probabilidad de explotación (próx. 30 días): 0.0002 (0.0%)
Percentil: 6.7%
EPSS: 2026-05-06

Afecta

openclaw:openclaw

Descripción técnica

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to establish broader allowlist entries than intended, weakening execution approval boundaries.

Publicada: 28/4/2026, 19:37:40
Última modificación: 1/5/2026, 15:51:33

Referencias

InicioEventosBlogRecursosEquipo