
CVE-2026-41344

Severity: Medium · Public PoC

Published: 23 April 2026
Modified: 29 April 2026
CVSS v4 score: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0021 (11.1th percentile)
Risk priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-41344 is a medium-severity Incorrect Authorization (CWE-863) vulnerability in OpenClaw (vendor Openclaw, product Openclaw). Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique T1068 (Exploitation for Privilege Escalation). The CVE is ranked at the 11.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-41344 is a privilege escalation vulnerability (CWE-863) in OpenClaw versions before 2026.3.28. The flaw exists in the chat.send endpoint, where write-scoped gateway callers can exploit the /verbose parameter to persist admin-only verboseLevel session overrides. This bypasses access controls, enabling exposure of sensitive reasoning or tool output restricted to administrators. The vulnerability has a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Attackers require low-privileged write-scoped gateway access (PR:L) to exploit this remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows persistence of verboseLevel overrides, leaking confidential administrative data such as restricted reasoning traces or tool outputs, with low impacts to confidentiality and integrity but no availability disruption.

Advisories from GitHub (https://github.com/openclaw/openclaw/security/advisories/GHSA-5h2w-qmfp-ggp6) and VulnCheck (https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-verbose-parameter) provide mitigation details, recommending an upgrade to OpenClaw 2026.3.28 or later to address the issue.
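The weakness described above is a classic split between "may this caller write to the session" and "may this caller change an admin-only setting": the gateway answers the first question and silently treats it as an answer to the second. The following TypeScript is an added illustration written for this page, not OpenClaw's code, and every name in it (GatewayCaller, Session, handleChatSendVulnerable, handleChatSendHardened, the "admin" scope) is a hypothetical model of the advisory text rather than the project's real API. It puts the vulnerable shape of the check beside the hardened one, where the write check gates sending the message and a separate admin check gates persisting the verboseLevel override.

```typescript
// Illustrative model of a gateway `chat.send` handler (constructed for this
// page; not OpenClaw's code). Scope names and types are hypothetical.

type Scope = "read" | "write" | "admin";
type VerboseLevel = "off" | "normal" | "full";

interface GatewayCaller {
  id: string;
  scopes: Set<Scope>;
}

interface Session {
  id: string;
  // Persisted per-session override; the advisory says this is admin-only.
  verboseLevel?: VerboseLevel;
}

interface ChatSendResult {
  accepted: boolean;
  overrideApplied: boolean;
  reason?: string;
}

const LEVELS: ReadonlySet<string> = new Set(["off", "normal", "full"]);

// Pull a leading "/verbose <level>" directive out of the message text.
// Returns the requested level (if any) and the message with the directive removed.
function parseVerboseDirective(text: string): { level?: VerboseLevel; body: string } {
  const m = /^\/verbose\s+(\S+)\s*/.exec(text);
  if (!m) return { body: text };
  const raw = m[1];
  if (!LEVELS.has(raw)) return { body: text }; // unknown level: treat as plain text
  return { level: raw as VerboseLevel, body: text.slice(m[0].length) };
}

// Vulnerable shape: the only authorization question asked is "can this caller
// write to the session?". Because the admin-only side effect is never gated
// separately, any write-scoped caller can persist the verboseLevel override.
function handleChatSendVulnerable(caller: GatewayCaller, session: Session, text: string): ChatSendResult {
  if (!caller.scopes.has("write")) {
    return { accepted: false, overrideApplied: false, reason: "write scope required" };
  }
  const { level } = parseVerboseDirective(text);
  if (level !== undefined) session.verboseLevel = level; // missing admin check
  return { accepted: true, overrideApplied: level !== undefined };
}

// Hardened shape: the write check still gates sending, and a second check
// gates the privileged side effect. A non-admin caller who supplies the
// directive is rejected outright (fail closed) rather than silently
// downgraded, which also yields an explicit event for audit logging.
function handleChatSendHardened(caller: GatewayCaller, session: Session, text: string): ChatSendResult {
  if (!caller.scopes.has("write")) {
    return { accepted: false, overrideApplied: false, reason: "write scope required" };
  }
  const { level } = parseVerboseDirective(text);
  if (level !== undefined && !caller.scopes.has("admin")) {
    return { accepted: false, overrideApplied: false, reason: "verboseLevel override requires admin scope" };
  }
  if (level !== undefined) session.verboseLevel = level;
  return { accepted: true, overrideApplied: level !== undefined };
}

// Stand-alone demonstration with constructed callers and sessions.
const writer: GatewayCaller = { id: "u-writer", scopes: new Set<Scope>(["read", "write"]) };
const admin: GatewayCaller = { id: "u-admin", scopes: new Set<Scope>(["read", "write", "admin"]) };
const vulnSession: Session = { id: "s1" };
const hardSession: Session = { id: "s2" };
console.log("vulnerable:", handleChatSendVulnerable(writer, vulnSession, "/verbose full hello"), vulnSession);
console.log("hardened (writer):", handleChatSendHardened(writer, hardSession, "/verbose full hello"), hardSession);
console.log("hardened (admin):", handleChatSendHardened(admin, hardSession, "/verbose normal hello"), hardSession);
```

The design point is that the privileged side effect gets its own authorization decision at the point where it happens, which is what NIST AC-3 (Access Enforcement) and AC-25 (Reference Monitor) ask for: every access to a protected attribute is mediated, not just the entry to the endpoint.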


Vulnerability details

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or tool output intended to be restricted to administrators.


MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE is explicitly a privilege escalation vulnerability (CWE-863) that bypasses access controls via the /verbose parameter to access admin-restricted data, directly enabling T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-42429 (same product: Openclaw Openclaw)
CVE-2026-33579 (same product: Openclaw Openclaw)
CVE-2026-32915 (same product: Openclaw Openclaw)
CVE-2026-33577 (same product: Openclaw Openclaw)
CVE-2026-41404 (same product: Openclaw Openclaw)
CVE-2026-42432 (same product: Openclaw Openclaw)
CVE-2026-32918 (same product: Openclaw Openclaw)
CVE-2026-41371 (same product: Openclaw Openclaw)
CVE-2026-41379 (same product: Openclaw Openclaw)
CVE-2026-32972 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.3.28

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations for logical access, directly preventing write-scoped callers from bypassing controls to persist admin-only verboseLevel overrides in the chat.send endpoint.

AC-6 Least Privilege (prevent)

Applies the least privilege principle so that write-scoped gateway access cannot perform admin-only actions such as persisting verboseLevel overrides.

AC-25 Reference Monitor (prevent)

Implements a reference monitor mechanism that mediates every access against the access control policy, mitigating privilege escalation via improper /verbose parameter handling.
