CVE-2026-41390
Published: 28 April 2026
Summary
CVE-2026-41390 is a high-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in OpenClaw. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 6.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Timely identification, reporting, and correction of the specific flaw in OpenClaw's allow-always persistence prevents the exec allowlist bypass via wrapper unwrapping failure.
Vulnerability scanning detects CVE-2026-41390 in OpenClaw, enabling remediation to block persistence of trust for wrapper binaries executing unauthorized programs.
Responding to OpenClaw security advisories for CVE-2026-41390 by upgrading to 2026.3.28 or later fixes the wrapper unwrapping issue in trust decisions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The allowlist bypass via wrapper persistence (e.g., /usr/bin/script) directly enables arbitrary command execution through Unix shell and facilitates system binary proxy execution to run unauthorized programs under trusted context.
NVD Description
OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execute different underlying programs.
Deeper analysis
CVE-2026-41390 is an exec allowlist bypass vulnerability in OpenClaw versions prior to 2026.3.28. The flaw occurs in the allow-always persistence feature, which fails to unwrap wrappers like /usr/bin/script and similar binaries before storing trust decisions. As a result, attackers can leverage user approval for one wrapped command to persist trust for the wrapper, enabling execution of different underlying programs. The vulnerability is associated with CWE-807 and carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H); it was published on 2026-04-28T19:37:42.173.
A local attacker with low privileges can exploit this issue by presenting a wrapped command that requires user interaction for approval. Once the user grants persistent trust to the wrapper binary, the attacker gains the ability to execute arbitrary underlying programs under the trusted context, potentially leading to high-impact confidentiality, integrity, and availability violations.
Mitigation guidance is available in the OpenClaw security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-6pfc-6m7w-m8fx and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-unregistered-usr-bin-script-wrapper. Upgrading to OpenClaw 2026.3.28 or later addresses the vulnerability by properly handling wrapper unwrapping in trust persistence.
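The defect described above is a trust-key problem: the persisted "allow always" decision is keyed on the wrapper binary rather than on the program the wrapper actually runs. The following added example (written for this page, not OpenClaw's code) models a minimal allow-always store in both forms: one that trusts argv[0] as given, and one that peels known wrappers (script -c, env) before deciding what identity to persist, refusing to persist when the underlying program cannot be determined. The wrapper table, argument handling and the TrustStore API are assumptions made for the illustration.

```python
"""
Added illustration (not OpenClaw's code): an exec-allowlist trust store that
persists an "allow always" decision keyed on the wrapper binary, beside one
that unwraps known wrappers first. Wrapper names and argument handling are
assumptions made for this example.
"""
import shlex
from typing import Callable, Dict, List, Optional

Argv = List[str]


def unwrap_script(argv: Argv) -> Optional[Argv]:
    """script(1): the real command is the argument of -c. Without -c, script
    spawns an interactive shell, so the underlying program is unknowable and
    None is returned to mean 'do not persist'."""
    for i, tok in enumerate(argv[1:], start=1):
        if tok == "-c" and i + 1 < len(argv):
            inner = shlex.split(argv[i + 1])
            return inner or None
    return None


def unwrap_env(argv: Argv) -> Optional[Argv]:
    """env(1): skip leading NAME=value assignments; env options are not
    modelled here, so any option-looking token is treated as unresolvable."""
    rest = argv[1:]
    while rest and "=" in rest[0] and not rest[0].startswith("-"):
        rest = rest[1:]
    if not rest or rest[0].startswith("-"):
        return None
    return rest


# Constructed wrapper table (assumption): a real implementation would also
# cover nice, nohup, timeout and similar. Keys appear as path and bare name.
UNWRAPPERS: Dict[str, Callable[[Argv], Optional[Argv]]] = {
    "/usr/bin/script": unwrap_script,
    "script": unwrap_script,
    "/usr/bin/env": unwrap_env,
    "env": unwrap_env,
}


def resolve_underlying(argv: Argv, max_depth: int = 8) -> Optional[Argv]:
    """Peel wrappers until a non-wrapper program is reached. Returns None when
    the underlying program cannot be determined or wrappers nest too deep."""
    for _ in range(max_depth):
        if not argv:
            return None
        fn = UNWRAPPERS.get(argv[0])
        if fn is None:
            return argv
        argv = fn(argv)
        if argv is None:
            return None
    return None


class TrustStore:
    """Persisted allow-always decisions, keyed on a program identity."""

    def __init__(self, unwrap: bool) -> None:
        self.unwrap = unwrap
        self.allowed: set = set()

    def _key(self, argv: Argv) -> Optional[str]:
        if not self.unwrap:
            return argv[0]  # vulnerable form: trusts the wrapper binary itself
        inner = resolve_underlying(argv)
        return inner[0] if inner else None

    def allow_always(self, argv: Argv) -> bool:
        """Record the user's approval. Returns False if nothing was persisted."""
        key = self._key(argv)
        if key is None:
            return False
        self.allowed.add(key)
        return True

    def is_trusted(self, argv: Argv) -> bool:
        key = self._key(argv)
        return key is not None and key in self.allowed


def demo() -> Dict[str, bool]:
    """Constructed invocations: one approved by the user, then later ones."""
    approved = ["/usr/bin/script", "-c", "ls -l /tmp", "/dev/null"]
    later = ["/usr/bin/script", "-c", "id"]       # different underlying program
    same = ["env", "LC_ALL=C", "ls", "/var"]      # same program, other wrapper
    results: Dict[str, bool] = {}

    vuln = TrustStore(unwrap=False)
    vuln.allow_always(approved)
    results["vulnerable_bypass"] = vuln.is_trusted(later)               # True

    fixed = TrustStore(unwrap=True)
    fixed.allow_always(approved)
    results["fixed_blocks_other_program"] = fixed.is_trusted(later)     # False
    results["fixed_trusts_same_program"] = fixed.is_trusted(same)       # True
    results["fixed_refuses_bare_script"] = fixed.allow_always(["/usr/bin/script"])  # False
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hardened store does two things the vulnerable one does not: it derives the persistence key from the innermost program, and it declines to persist at all when unwrapping yields no concrete program (a bare script invocation, or an env form it does not understand), which is the safer default for a security decision.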
Details
- CWE(s)