CVE-2026-41347
Published: 23 April 2026
Summary
CVE-2026-41347 is a high-severity cross-site request forgery (CSRF, CWE-352) vulnerability in OpenClaw. Its CVSS v3.1 base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001). The CVE is ranked at the 3.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of request inputs such as the HTTP Origin and Referer headers and anti-CSRF tokens on operator endpoints, so that forged cross-site requests are rejected before they act.
- SC-23 (Session Authenticity): requires mechanisms that protect session authenticity, so that an authenticated browser session cannot be driven by forged requests from a malicious site in trusted-proxy deployments.
- IA-11 (Re-authentication): mandates re-authentication for privileged operator endpoint actions, defeating CSRF that relies on an existing browser session without fresh credentials.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF vulnerability requires tricking an authenticated user into interacting with malicious web content or an email link to trigger unauthorized actions via their browser session, directly mapping to T1204.001 Malicious Link under User Execution.
NVD Description
OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by sending malicious requests from a browser in trusted-proxy deployments to perform unauthorized actions on HTTP operator endpoints.
Deeper analysis
CVE-2026-41347 is a cross-site request forgery (CSRF) vulnerability in OpenClaw versions before 2026.3.31, stemming from a lack of browser-origin validation in HTTP operator endpoints when the software operates in trusted-proxy mode (CWE-352). This flaw enables attackers to send malicious requests from a victim's browser to perform unauthorized actions on those endpoints. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) and was published on 2026-04-23.
Any remote attacker can exploit this issue without privileges by crafting malicious web content, such as a webpage or email link, that tricks an authenticated user into interacting with it via their browser in a trusted-proxy OpenClaw deployment. Because the gateway in this mode accepts the proxy's assertion of the user's identity without asking which site issued the request, the forged request arrives fully authenticated. User interaction is required, but the low attack complexity and network accessibility make it feasible. Exploitation allows limited unauthorized actions on HTTP operator endpoints, yielding low impacts to confidentiality, integrity, and availability, though the changed scope elevates the severity because the victim's browser is used to act on a component the attacker cannot reach directly.
Advisories recommend upgrading to OpenClaw 2026.3.31 or later, which addresses the issue through commit 6b3f99a11f4d070fa5ed2533abbb3d7329ea4f0d. Further mitigation details and analysis are available in the GitHub Security Advisory (GHSA-mhr7-2xmv-4c4q) and the VulnCheck advisory on the OpenClaw CSRF vulnerability.
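The following is an added example, not OpenClaw's own code or the fix in the commit above, showing the mitigation the SI-10 entry and the analysis describe: a browser-origin check on state-changing operator requests that stays in force in trusted-proxy mode. Everything here is assumed for illustration: the proxy authenticates the user and forwards that identity in an `X-Forwarded-User` header, it passes the browser's `Origin`, `Referer` and `Sec-Fetch-Site` headers through unchanged, the allowed origin `https://claw.example.internal` is operator configuration, and `authorizeVulnerable` / `authorizeHardened` are hypothetical names for the two behaviours. The sample requests are constructed.

```javascript
// Added example (not OpenClaw's code): origin validation for HTTP operator
// endpoints reached through a trusted reverse proxy. All names, headers and
// origins below are assumptions made for illustration.

// Hypothetical operator configuration: origins the gateway's own UI is served from.
const ALLOWED_ORIGINS = new Set(["https://claw.example.internal"]);

// Methods that must not change state; CSRF defence applies to everything else.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Case-insensitive header lookup on a plain { name: value } object.
function header(req, name) {
  const key = Object.keys(req.headers || {}).find(
    (k) => k.toLowerCase() === name.toLowerCase()
  );
  return key === undefined ? null : req.headers[key];
}

// Origin of the page that issued the request: Origin header first, Referer as
// fallback. Returns null when neither is present (non-browser client, or a
// browser that stripped both). An unparsable Referer is treated as opaque.
function browserOrigin(req) {
  const origin = header(req, "origin");
  if (origin !== null) return origin.trim(); // may be the literal "null"
  const referer = header(req, "referer");
  if (referer === null) return null;
  try {
    return new URL(referer).origin;
  } catch {
    return "null";
  }
}

// The CSRF check proper. Fails closed: a state-changing request must prove it
// came from a page on an allowed origin.
function checkBrowserOrigin(req) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) {
    return { allowed: true, reason: "safe method" };
  }
  // Sec-Fetch-Site is set by the browser and cannot be forged by page script.
  if (header(req, "sec-fetch-site") === "cross-site") {
    return { allowed: false, reason: "Sec-Fetch-Site: cross-site" };
  }
  const origin = browserOrigin(req);
  if (origin === null) {
    return { allowed: false, reason: "no Origin or Referer on state-changing request" };
  }
  if (!ALLOWED_ORIGINS.has(origin)) {
    return { allowed: false, reason: `origin ${origin} not allowed` };
  }
  return { allowed: true, reason: "origin allowed" };
}

// Vulnerable shape (the behaviour the advisory describes): in trusted-proxy
// mode the gateway treats the proxy's identity assertion as sufficient and
// never asks which site issued the request.
function authorizeVulnerable(req, { trustedProxy }) {
  if (trustedProxy) {
    const user = header(req, "x-forwarded-user");
    return user
      ? { allowed: true, reason: `proxy authenticated ${user}` }
      : { allowed: false, reason: "no proxy identity" };
  }
  return checkBrowserOrigin(req);
}

// Hardened shape: the proxy answers "who is this", the origin check answers
// "did that user's own page intend this request". Both must pass.
function authorizeHardened(req, { trustedProxy }) {
  if (trustedProxy && header(req, "x-forwarded-user") === null) {
    return { allowed: false, reason: "no proxy identity" };
  }
  return checkBrowserOrigin(req);
}

// Constructed sample: a POST the victim's browser sends after visiting the
// attacker's page; the proxy has already mapped the session cookie to a user.
const forged = {
  method: "POST",
  path: "/operator/restart",
  headers: {
    Host: "claw.example.internal",
    Origin: "https://attacker.example",
    "Sec-Fetch-Site": "cross-site",
    Cookie: "session=opaque",
    "X-Forwarded-User": "alice",
  },
};

// Constructed sample: the same action issued from the gateway's own UI.
const legitimate = {
  method: "POST",
  path: "/operator/restart",
  headers: {
    Host: "claw.example.internal",
    Origin: "https://claw.example.internal",
    "Sec-Fetch-Site": "same-origin",
    "X-Forwarded-User": "alice",
  },
};

console.log("vulnerable, forged:", authorizeVulnerable(forged, { trustedProxy: true }));
console.log("hardened,   forged:", authorizeHardened(forged, { trustedProxy: true }));
console.log("hardened,   legit :", authorizeHardened(legitimate, { trustedProxy: true }));
```

The check relies on two browser-controlled signals that page script cannot set: `Origin` (with `Referer` as a fallback for the rare client that omits it) and `Sec-Fetch-Site`. A request carrying neither `Origin` nor `Referer` is denied rather than assumed benign; non-browser automation should authenticate with an explicit API credential on a separate path instead of riding a proxy session. Match the allowlist on the full origin (scheme, host, port), never on a host substring.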
Details
- CWE(s)