Cyber Resilience

CVE-2026-41353

Severity: High · Public PoC

Published: 23 April 2026
Modified: 01 May 2026
KEV Added: not listed
Patch: fixed in OpenClaw 2026.3.22
CVSS Score v4: 7.6 (CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0034 (25.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-41353 is a high-severity External Control of Assumed-Immutable Web Parameter (CWE-472) vulnerability in OpenClaw (vendor: Openclaw, product: Openclaw). Its CVSS base score is 7.6 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Proxy (T1090). The CVE ranks at the 25.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-41353 is an access control bypass vulnerability affecting OpenClaw versions prior to 2026.3.22, specifically in the allowProfiles feature. The flaw enables attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection, allowing manipulation of browser proxy profiles at runtime to access restricted profiles and evade intended access controls. It has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-472.

Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants high-impact access to confidential data and enables integrity violations by bypassing profile-based restrictions, potentially allowing unauthorized use of restricted browser proxy configurations.

Advisories and the referenced patch commit recommend upgrading to OpenClaw 2026.3.22 or later, where the vulnerability is fixed via commit eac93507c36ccd0c359fba18fa466ef6448be8a5. Additional details are available in the GitHub Security Advisory GHSA-h5hg-h7rr-gpf3 and VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-allowprofiles-bypass-via-profile-mutation-and-runtime-selection.

Vulnerability details

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profiles at runtime to access restricted profiles and bypass intended access controls.

CWE(s)

CWE-472 External Control of Assumed-Immutable Web Parameter

Related Threats

MITRE ATT&CK Enterprise Techniques

T1090 Proxy (tactic: Command and Control)
Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure.

Why these techniques?

The access control bypass allows runtime mutation and selection of restricted browser proxy profiles, directly enabling unauthorized proxy usage for traffic redirection or C2.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27646 (same product: Openclaw Openclaw)
CVE-2026-32924 (same product: Openclaw Openclaw)
CVE-2026-42431 (same product: Openclaw Openclaw)
CVE-2026-27523 (same product: Openclaw Openclaw)
CVE-2026-28463 (same product: Openclaw Openclaw)
CVE-2026-41394 (same product: Openclaw Openclaw)
CVE-2026-43573 (same product: Openclaw Openclaw)
CVE-2026-22179 (same product: Openclaw Openclaw)
CVE-2026-44110 (same product: Openclaw Openclaw)
CVE-2026-43584 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.3.22 (note: the advisory text above states that versions prior to 2026.3.22 are affected and that 2026.3.22 is the fixed release)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Enforces approved authorizations for access to system resources, directly preventing bypass of profile restrictions via persistent mutation and runtime selection in OpenClaw.

AC-25 Reference Monitor (prevent)
Implements a reference monitor mechanism to mediate all access control decisions, blocking unauthorized circumvention of allowProfiles restrictions.

SI-2 Flaw Remediation (prevent)
Requires timely remediation of identified flaws like CVE-2026-41353, eliminating the access control bypass through patching to version 2026.3.22 or later.

References

GitHub Security Advisory GHSA-h5hg-h7rr-gpf3
VulnCheck advisory: https://www.vulncheck.com/advisories/openclaw-allowprofiles-bypass-via-profile-mutation-and-runtime-selection
Patch commit: eac93507c36ccd0c359fba18fa466ef6448be8a5