CVE-2026-41380
Published: 28 April 2026
Summary
CVE-2026-41380 is a high-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in OpenClaw. Its CVSS v3.1 base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1562.001). It is ranked at the 6.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST SP 800-53 AC-25 (Reference Monitor) and CM-10 (Software Usage Restrictions).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Enforces a deny-all, permit-by-exception policy for authorized executables via allowlists, which directly counters exploitation of approval logic that trusts the wrapper carrier over the invoked target.
- Implements a tamper-proof reference monitor (AC-25) that mediates every access decision, including executions, so that approval boundaries cannot be bypassed by routing a command through a dispatch wrapper.
- Requires timely flaw remediation through patching (SI-2); here, the vendor-recommended upgrade to OpenClaw 2026.3.28, which fixes the allow-always persistence issue.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability lets an attacker broaden execution allowlists through wrapper carrier executables, which amounts to modifying a defensive execution-approval control so that it no longer constrains what actually runs (T1562.001).
NVD Description
OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to establish broader allowlist entries than intended, weakening execution approval boundaries.
Deeper analysis
CVE-2026-41380 is an execution approval vulnerability in OpenClaw versions before 2026.3.28, specifically within the exec-approvals-allowlist.ts component. The flaw is that an allow-always decision is persisted against the wrapper carrier executable (the program named first on the command line) rather than against the target that the wrapper actually dispatches to. Because many dispatch wrappers take their real command as a positional argument, an attacker can route a different target through the same carrier and inherit the persisted approval, producing a far broader allowlist entry than the user intended and weakening execution approval boundaries. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-807.
A local attacker with low privileges can exploit this issue with low attack complexity, but exploitation requires user interaction (UI:R). Successful exploitation lets the attacker bypass the intended restrictions, establishing persistent trust in unintended executables and weakening the security boundary around execution approvals.
The OpenClaw GitHub security advisory (https://github.com/openclaw/openclaw/security/advisories/GHSA-p4x4-2r7f-wjxg) and VulnCheck analysis (https://www.vulncheck.com/advisories/openclaw-arbitrary-execution-allowlist-via-wrapper-carrier-executables) provide further details on the issue. Mitigation requires upgrading to OpenClaw 2026.3.28 or later, as the vulnerability affects prior versions.
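The carrier-versus-target distinction is easier to see in code. The following is an added example written for this page, not OpenClaw's exec-approvals-allowlist.ts or any other project code: it models an "allow always" allowlist twice, once keyed on the carrier executable (the flawed shape the advisory describes) and once keyed on the invoked target after unwrapping known dispatch wrappers. The wrapper table (`env`, `nice`, `nohup`), its option parsing, the class and function names, and the sample commands are all assumptions made for illustration.

```typescript
// Added example, not OpenClaw's own code. Models an exec "allow always"
// allowlist in a flawed form (FlawedApprovals: entry keyed on argv[0], the
// carrier) and a hardened form (HardenedApprovals: entry keyed on the target
// reached after unwrapping dispatch wrappers). The wrapper table and the
// option parsing below are assumptions for illustration only.

type Decision = "allowed" | "prompt";

// Assumed dispatch wrappers: each returns the argv of the command the wrapper
// would run in turn, or null when no positional target can be determined.
const WRAPPERS: Record<string, (args: string[]) => string[] | null> = {
  // env [-i] [-u NAME] [NAME=VALUE]... COMMAND [ARG]...
  env: (args) => {
    let i = 0;
    while (i < args.length) {
      const a = args[i];
      if (a === "--") { i++; break; }
      if (a === "-i" || a === "--ignore-environment") { i++; continue; }
      if (a === "-u" || a === "--unset") { i += 2; continue; }
      if (/^[A-Za-z_][A-Za-z0-9_]*=/.test(a)) { i++; continue; }
      if (a.startsWith("-")) return null; // option we do not model: unresolvable
      break;
    }
    return i < args.length ? args.slice(i) : null;
  },
  // nice [-n N] COMMAND [ARG]...
  nice: (args) => {
    let i = 0;
    if (args[0] === "-n") i = 2;
    else if (args[0]?.startsWith("-n")) i = 1;
    return i < args.length ? args.slice(i) : null;
  },
  // nohup COMMAND [ARG]...
  nohup: (args) => (args.length ? args : null),
};

function basename(p: string): string {
  return p.slice(p.lastIndexOf("/") + 1);
}

// Follow the wrapper chain to the executable that actually runs. Returns null
// when the chain cannot be resolved or is too deep, so callers fail closed.
function resolveInvokedTarget(argv: string[], maxDepth = 8): string[] | null {
  let current = argv;
  for (let depth = 0; depth < maxDepth; depth++) {
    if (current.length === 0) return null;
    const unwrap = WRAPPERS[basename(current[0])];
    if (!unwrap) return current; // not a wrapper: this is the real target
    const next = unwrap(current.slice(1));
    if (!next) return null;
    current = next;
  }
  return null;
}

// Flawed: persists and matches on the carrier. Approving `env ... npm test`
// once means every later `env ...` command is trusted, whatever it runs.
class FlawedApprovals {
  private readonly allowed = new Set<string>();
  decide(argv: string[]): Decision {
    if (argv.length === 0) return "prompt";
    return this.allowed.has(basename(argv[0])) ? "allowed" : "prompt";
  }
  allowAlways(argv: string[]): void {
    if (argv.length > 0) this.allowed.add(basename(argv[0]));
  }
}

// Hardened: persists and matches on the resolved target, and refuses to
// persist anything it cannot resolve to a concrete non-wrapper executable.
class HardenedApprovals {
  private readonly allowed = new Set<string>();
  decide(argv: string[]): Decision {
    const target = resolveInvokedTarget(argv);
    return target && this.allowed.has(basename(target[0])) ? "allowed" : "prompt";
  }
  allowAlways(argv: string[]): boolean {
    const target = resolveInvokedTarget(argv);
    if (!target) return false; // unresolvable chain: do not widen the allowlist
    this.allowed.add(basename(target[0]));
    return true;
  }
}

// Constructed scenario: the user grants "allow always" for one harmless
// wrapped command, then a different command arrives through the same carrier.
function scenario(): { flawed: Decision; hardened: Decision } {
  const approvedOnce = ["/usr/bin/env", "CI=1", "npm", "test"];
  const laterRequest = ["env", "nice", "-n", "5", "sh", "-c", "id"];
  const flawed = new FlawedApprovals();
  flawed.allowAlways(approvedOnce);
  const hardened = new HardenedApprovals();
  hardened.allowAlways(approvedOnce);
  return { flawed: flawed.decide(laterRequest), hardened: hardened.decide(laterRequest) };
}
```

In the scenario, the flawed store auto-approves `env nice -n 5 sh -c id` because it only remembers `env`, while the hardened store resolves the chain to `sh`, finds no entry, and prompts again; `env CI=1 npm run build` still passes without a prompt because the target is `npm`. Two caveats a real implementation would still need: wrapper arguments are themselves security-relevant (an `LD_PRELOAD=` assignment passed through `env` changes what a trusted target does), and any wrapper not in the table is treated as the target, so the table has to be kept complete for the platform's actual dispatch wrappers.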
Details
- CWE(s)