CVE-2026-41355
Published: 23 April 2026
Summary
CVE-2026-41355 is a medium-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in OpenClaw (openclaw/openclaw). Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 2.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-41355 is an arbitrary code execution vulnerability (CWE-829) in OpenShell versions prior to 2026.3.28. The flaw lies in the mirror mode component, which improperly converts untrusted sandbox files into workspace hooks that are then executed during gateway startup. It carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H): high impact across confidentiality, integrity and availability, with local access required.
An attacker with mirror mode access can exploit this vulnerability to execute arbitrary code on the host system. Exploitation requires local access, low privileges and low attack complexity, plus user interaction such as enabling workspace hooks. Successful exploitation during gateway startup yields high confidentiality, integrity and availability impact.
The advisory and the associated patch recommend upgrading to OpenShell 2026.3.28 or later. Relevant resources: the fixing commit at https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1, the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-42mx-vp8m-j7qh, and the VulnCheck analysis at https://www.vulncheck.com/advisories/openshell-arbitrary-code-execution-via-mirror-mode-sandbox-file-conversion.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25339
Vulnerability details
OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks.
- CWE(s): CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1203 Exploitation for Client Execution
Why these techniques?
The CVE describes a local arbitrary code execution vulnerability in OpenShell that is exploited with low privileges and user interaction during gateway startup, which maps directly to T1203 Exploitation for Client Execution.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires applying the vendor patch (upgrade to 2026.3.28+) that eliminates the sandbox-to-hook conversion flaw.
- CM-7 (Least Functionality): enforces disabling or restricting the mirror-mode workspace-hooks feature so untrusted sandbox files cannot be converted into executable hooks.
- Enforces access-control policy on mirror-mode activation and hook enablement, blocking the local-attacker prerequisite stated in the CVE.