Cyber Resilience

CVE-2026-41380

HighPublic PoC

Published: 28 April 2026

Published
28 April 2026
Modified
01 May 2026
KEV Added
Patch
CVSS Score v4 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0012 2.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-41380 is a high-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685); ranked at the 2.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and CM-10 (Software Usage Restrictions).

Deeper analysis

CVE-2026-41380 is an execution approval vulnerability in OpenClaw versions before 2026.3.28, specifically within the exec-approvals-allowlist.ts component. The flaw enables allow-always persistence that trusts wrapper carrier executables rather than the actual invoked targets. Attackers can leverage positional carrier executable routing through dispatch wrappers to create broader allowlist entries than intended, thereby weakening execution approval boundaries. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-807.

A local attacker with low privileges can exploit this issue with low complexity by inducing user interaction. Successful exploitation allows the attacker to bypass intended restrictions, establishing persistent trust in unintended executables and weakening security boundaries around execution approvals.

The OpenClaw GitHub security advisory (https://github.com/openclaw/openclaw/security/advisories/GHSA-p4x4-2r7f-wjxg) and VulnCheck analysis (https://www.vulncheck.com/advisories/openclaw-arbitrary-execution-allowlist-via-wrapper-carrier-executables) provide further details on the issue. Mitigation requires upgrading to OpenClaw 2026.3.28 or later, as the vulnerability affects prior versions.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to establish broader allowlist entries than intended,…

more

weakening execution approval boundaries.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

The vulnerability allows attackers to broaden execution allowlists via wrapper carrier executables, directly facilitating modification of defensive execution approval controls to impair their effectiveness.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32057Same product: Openclaw Openclaw
CVE-2026-41299Same product: Openclaw Openclaw
CVE-2026-41390Same product: Openclaw Openclaw
CVE-2026-32975Same product: Openclaw Openclaw
CVE-2026-35670Same product: Openclaw Openclaw
CVE-2026-32054Same product: Openclaw Openclaw
CVE-2026-28454Same product: Openclaw Openclaw
CVE-2026-32978Same product: Openclaw Openclaw
CVE-2026-32013Same product: Openclaw Openclaw
CVE-2026-43531Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.3.28

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces deny-all, permit-by-exception policies for authorized executables via allowlists, directly preventing exploitation of flawed execution approval logic that trusts wrapper carriers over invoked targets.

prevent

Implements a tamper-proof reference monitor to mediate all access decisions including executions, countering bypasses in approval boundaries through dispatch wrappers.

prevent

Requires timely flaw remediation via patching, directly addressing the vendor-recommended upgrade to OpenClaw 2026.3.28 to fix the allow-always persistence vulnerability.

References