CVE-2026-41392
Published: 28 April 2026
Summary
CVE-2026-41392 is a medium-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in OpenClaw by Openclaw. Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). It ranks at the 7.1 percentile for exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-41392, published on 2026-04-28, affects OpenClaw versions before 2026.3.31 and involves an exec allowlist bypass vulnerability. Attackers can inherit allowlist trust via shell init-file wrapper invocations, exploiting shell options such as --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while evading exec allowlist matching restrictions. The issue carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-184.
Local attackers with low privileges (PR:L) can exploit this vulnerability, though it requires high attack complexity (AC:H) and user interaction (UI:R), such as tricking a user into invoking the affected shell options. Successful exploitation bypasses the exec allowlist, enabling high-impact outcomes including unauthorized access to confidential data, modification of system integrity, and disruption of availability.
Mitigation details are outlined in official advisories, including the OpenClaw GitHub security advisory (GHSA-wpc6-37g7-8q4w), a patch commit (0c8375424620e12777ef24c162eedc7e9fcfd7e3), and a VulnCheck advisory. Updating to OpenClaw 2026.3.31 or later addresses the vulnerability by resolving the allowlist bypass.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26100
Vulnerability details
OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while bypassing exec allowlist matching restrictions.
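As an added illustration (not OpenClaw's code; the allowlist, shell list and option policy are constructed), the three checks below contrast the weak name-only matching the advisory describes, a denylist-style fix that refuses the named init-file options, and an option-allowlist variant that avoids the incomplete-denylist problem (CWE-184) rather than chasing option names:

```python
"""Exec allowlist checks for shell wrapper invocations (constructed example)."""
import os
import shlex

# Constructed policy: programs the agent may run, matched by basename.
EXEC_ALLOWLIST = {"git", "ls", "cat", "bash", "sh", "zsh"}
SHELL_BINARIES = {"sh", "bash", "dash", "zsh", "ksh", "fish"}
# Init-file options named in the advisory; a denylist like this is what CWE-184 warns about.
INIT_FILE_OPTIONS = {"--rcfile", "--init-file", "--startup-file"}
# Assumed closed set of shell options a wrapper may carry; anything else is denied.
SHELL_OPTION_ALLOWLIST = {"-c", "-e", "-u", "-x", "-o", "pipefail"}


def weak_allowed(cmdline: str) -> bool:
    """Vulnerable pattern: the decision depends only on the program name, so an
    allowlisted shell carries its trust into whatever init file its options name."""
    argv = shlex.split(cmdline)
    return bool(argv) and os.path.basename(argv[0]) in EXEC_ALLOWLIST


def denylist_allowed(cmdline: str) -> bool:
    """Patch-style fix: still name-based, but refuses the known init-file options."""
    argv = shlex.split(cmdline)
    if not weak_allowed(cmdline):
        return False
    if os.path.basename(argv[0]) in SHELL_BINARIES:
        # Reject both "--rcfile FILE" and "--rcfile=FILE" spellings, anywhere in argv.
        if any(a.split("=", 1)[0] in INIT_FILE_OPTIONS for a in argv[1:]):
            return False
    return True


def hardened_allowed(cmdline: str) -> bool:
    """Allowlist the shell options themselves: a shell is accepted only as
    '<shell> [permitted options] -c <one command string>'. Unknown options, script
    files and interactive shells are all denied, so a new init-file option cannot
    slip through. The -c command string still needs its own policy check."""
    argv = shlex.split(cmdline)
    if not weak_allowed(cmdline):
        return False
    if os.path.basename(argv[0]) not in SHELL_BINARIES:
        return True
    opts = argv[1:]
    if "-c" not in opts:
        return False
    c_index = opts.index("-c")
    if any(o not in SHELL_OPTION_ALLOWLIST for o in opts[:c_index]):
        return False
    return len(opts) == c_index + 2  # exactly one command string follows -c
```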
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables bypassing an exec allowlist by abusing Unix shell options (--rcfile, --init-file, --startup-file) to load attacker-chosen initialization files, directly facilitating command execution via the shell interpreter and indirect execution to evade security restrictions.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely identification, reporting, and correction of flaws such as the exec allowlist bypass in OpenClaw, directly preventing exploitation of CVE-2026-41392.
- AC-25 (Reference Monitor): implements a reference monitor for complete mediation of subject-object references, preventing bypass of the exec allowlist via shell init-file wrapper invocations.
- CM-7 (Least Functionality): restricts system capabilities to essential authorized software and functions, limiting unauthorized execution through allowlist mechanisms despite the bypass vulnerability.