CVE-2026-41303
Published: 21 April 2026
Summary
CVE-2026-41303 is a high-severity Incorrect Authorization (CWE-863) vulnerability in OpenClaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 21.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces approved authorizations so that non-approvers cannot bypass the Discord execApprovals allowlist and resolve pending host execution requests.
- AC-6 (Least Privilege): restricts approval of host executions to designated approvers only, directly countering the authorization bypass.
- Remediates the specific authorization bypass in OpenClaw Discord text approval commands by identifying, reporting, and patching to version 2026.3.28 or later.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exploit Public-Facing Application (T1190): the authorization bypass in the Discord approval component directly enables network exploitation of the application to approve and trigger unauthorized host command execution.
NVD Description
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host execution requests.
Deeper analysis
CVE-2026-41303 is an authorization bypass vulnerability (CWE-863) in OpenClaw versions before 2026.3.28. The flaw exists in the Discord text approval commands component, enabling non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to circumvent the channels.discord.execApprovals.approvers allowlist and approve pending host execution requests. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-04-21.
Attackers require low privileges (PR:L) to exploit this issue over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows unauthorized approval of pending host execution requests by bypassing the designated approvers allowlist, potentially granting attackers control over host execution and resulting in high impacts to confidentiality, integrity, and availability.
Mitigation details are available in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-98hh-7ghg-x6rq and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-text-approval-commands. OpenClaw versions prior to 2026.3.28 are affected, indicating that upgrading to 2026.3.28 or later resolves the issue.
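As an added illustration (not OpenClaw's own code), the check a Discord approval-command handler must perform before resolving a pending exec request, shown next to the unchecked form the advisory describes. The config path channels.discord.execApprovals.approvers comes from the advisory; the array-of-user-id shape, the pending-request map and the decision values are assumptions.

```javascript
// Added illustration, not OpenClaw's own code. The config path
// channels.discord.execApprovals.approvers comes from the advisory; the
// array-of-user-id shape, the pending-request map and the decision
// values are assumptions for this example.
const config = {
  channels: { discord: { execApprovals: { approvers: ["1001", "1002"] } } },
};

// Constructed pending host-exec approvals, keyed by request id.
function newPending() {
  return new Map([["req-1", { command: "ls /srv", status: "pending" }]]);
}

// Allowlist lookup. Fails closed: a missing or empty list authorizes no one.
function isApprover(cfg, userId) {
  const list = cfg?.channels?.discord?.execApprovals?.approvers;
  return Array.isArray(list) && list.includes(String(userId));
}

// Unchecked form (the bug class in the advisory): any sender who can
// address a pending request id resolves it, because the handler never
// consults the allowlist before mutating state.
function resolveUnchecked(pending, requestId, decision) {
  const req = pending.get(requestId);
  if (!req || req.status !== "pending") {
    return { ok: false, reason: "no pending request " + requestId };
  }
  req.status = decision;
  return { ok: true, status: decision };
}

// Hardened form: the Discord sender is authorized against the allowlist
// and the decision is validated before any pending request changes.
function resolveApproval(cfg, senderId, pending, requestId, decision) {
  if (!isApprover(cfg, senderId)) {
    return { ok: false, reason: "sender not in execApprovals.approvers" };
  }
  if (decision !== "approved" && decision !== "denied") {
    return { ok: false, reason: "invalid decision" };
  }
  return resolveUnchecked(pending, requestId, decision);
}
```

Logging each rejected attempt with the sender id and request id gives a detection hook for bypass attempts against this component.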
Details
- CWE(s)