CVE-2026-41392

Severity: Medium · Public PoC

Published: 28 April 2026

Modified: 30 April 2026
CVSS Score (v4): 5.4 (CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0002 (7.1th percentile)
Risk Priority: 11 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-41392 is a medium-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Openclaw Openclaw. Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The vulnerability ranks at the 7.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-41392, published on 2026-04-28, affects OpenClaw versions before 2026.3.31 and involves an exec allowlist bypass vulnerability. Attackers can inherit allowlist trust via shell init-file wrapper invocations, exploiting shell options such as --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while evading exec allowlist matching restrictions. The issue carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-184.
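As an added illustration (written for this page; not OpenClaw's code and not the project's actual fix), the following contrasts an allowlist check keyed only on the executable name, which lets a shell invoked with an init-file option inherit the shell's trust, with a hardened check that refuses allowlisted shells carrying the options named in the advisory. The allowlist contents, the shell list and the sample commands are constructed assumptions.

```python
import os
import shlex

# Constructed example allowlist of trusted executables (not OpenClaw's config).
ALLOWED_EXECUTABLES = {"ls", "git", "grep", "bash", "sh"}
# Shell binaries assumed to honour init-file options.
SHELL_BINARIES = {"bash", "sh", "zsh", "dash", "ksh"}
# Option names the advisory lists as loading an attacker-chosen init file.
INIT_FILE_OPTIONS = {"--rcfile", "--init-file", "--startup-file"}


def naive_allowlist_permits(argv):
    """Weak check: trusts any command whose executable is allowlisted, so
    `bash --rcfile FILE` inherits the trust granted to plain `bash`."""
    return os.path.basename(argv[0]) in ALLOWED_EXECUTABLES


def init_file_options_in(argv):
    """Init-file options present in argv, in `--opt FILE` or `--opt=FILE`
    form.  Deliberately conservative: every argument is inspected, even ones
    after `--` or a `-c` command string, so ordering cannot hide the option
    (the cost is an occasional false positive, the safer failure mode)."""
    names = (a.split("=", 1)[0] for a in argv[1:])
    return sorted({n for n in names if n in INIT_FILE_OPTIONS})


def hardened_allowlist_permits(argv):
    """Hardened check: an allowlisted shell is refused when its arguments
    would make it source an arbitrary initialization file."""
    exe = os.path.basename(argv[0])
    if exe not in ALLOWED_EXECUTABLES:
        return False
    return not (exe in SHELL_BINARIES and init_file_options_in(argv))


def evaluate(command):
    """Run both checks on one command line and report the verdicts."""
    argv = shlex.split(command)
    return {"naive": naive_allowlist_permits(argv),
            "hardened": hardened_allowlist_permits(argv),
            "init_file_options": init_file_options_in(argv)}


if __name__ == "__main__":
    # Constructed sample invocations for demonstration only.
    for cmd in ("git status", "bash -c 'ls -la'", "python3 script.py",
                "bash --rcfile /tmp/untrusted.rc -i",
                "/bin/sh --init-file=/tmp/untrusted.rc"):
        print(f"{cmd!r}: {evaluate(cmd)}")
```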

Local attackers with low privileges (PR:L) can exploit this vulnerability, though it requires high attack complexity (AC:H) and user interaction (UI:R), such as tricking a user into invoking the affected shell options. Successful exploitation bypasses the exec allowlist, enabling high-impact outcomes including unauthorized access to confidential data, modification of system integrity, and disruption of availability.

Mitigation details are outlined in official advisories, including the OpenClaw GitHub security advisory (GHSA-wpc6-37g7-8q4w), a patch commit (0c8375424620e12777ef24c162eedc7e9fcfd7e3), and a VulnCheck advisory. Updating to OpenClaw 2026.3.31 or later addresses the vulnerability by resolving the allowlist bypass.

Vulnerability details

OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while bypassing exec allowlist matching restrictions.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

T1202 Indirect Command Execution (Stealth)
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
Why these techniques?

The vulnerability enables bypassing an exec allowlist by abusing Unix shell options (--rcfile, --init-file, --startup-file) to load attacker-chosen initialization files, directly facilitating command execution via the shell interpreter and indirect execution to evade security restrictions.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22175 (same product: Openclaw Openclaw)
CVE-2026-31992 (same product: Openclaw Openclaw)
CVE-2026-44115 (same product: Openclaw Openclaw)
CVE-2026-28363 (same product: Openclaw Openclaw)
CVE-2026-43584 (same product: Openclaw Openclaw)
CVE-2026-32017 (same product: Openclaw Openclaw)
CVE-2026-43532 (same product: Openclaw Openclaw)
CVE-2026-43530 (same product: Openclaw Openclaw)
CVE-2026-32010 (same product: Openclaw Openclaw)
CVE-2026-43566 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.3.31

Mitigating Controls (NIST 800-53 r5, AI)

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and correction of flaws like the exec allowlist bypass in OpenClaw, directly preventing exploitation of CVE-2026-41392.

AC-25 Reference Monitor (prevent)
Implements a reference monitor for complete mediation of subject-object references, preventing bypass of the exec allowlist via shell init-file wrapper invocations.

CM-7 Least Functionality (prevent)
Enforces least functionality by restricting system capabilities to essential authorized software and functions, mitigating unauthorized execution through allowlist mechanisms despite the bypass vulnerability.
