Cyber Resilience

CVE-2026-41394

HighPublic PoC

Published: 28 April 2026

Published
28 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score v4 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0029 20.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-41394 is a high-severity Missing Authorization (CWE-862) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-41394 is an authentication bypass vulnerability affecting OpenClaw versions prior to 2026.3.31. The issue arises in unauthenticated plugin-auth HTTP routes, which incorrectly grant operator runtime write scopes. This allows attackers to access these routes without authentication and perform privileged runtime actions intended exclusively for authorized operators. The vulnerability is rated with a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N) and is associated with CWE-862 (Missing Authorization).

Unauthenticated attackers with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. By targeting the affected HTTP routes, they can achieve high-impact integrity violations, such as executing unauthorized operator-level runtime modifications, while causing low confidentiality impact and no availability disruption. The unchanged scope indicates exploitation remains within the vulnerable component.

Mitigation details are available in official advisories and the fixing commit. The GitHub security advisory (GHSA-mhgq-xpfq-6r66) and the patch commit (2a1db0c0f1fa375004a95ba0ef030534790a6d47) address the issue in OpenClaw 2026.3.31, with additional analysis in the Vulncheck advisory on unauthorized operator scope access in plugin-auth routes. Security practitioners should upgrade to version 2026.3.31 or later and review these references for implementation specifics.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized operators.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Authentication bypass in unauthenticated HTTP routes of a network-accessible service directly enables initial access by exploiting a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-43580Same product: Openclaw Openclaw
CVE-2026-43573Same product: Openclaw Openclaw
CVE-2026-42439Same product: Openclaw Openclaw
CVE-2026-43575Same product: Openclaw Openclaw
CVE-2026-35660Same product: Openclaw Openclaw
CVE-2026-32924Same product: Openclaw Openclaw
CVE-2026-35622Same product: Openclaw Openclaw
CVE-2026-28469Same product: Openclaw Openclaw
CVE-2026-22171Same product: Openclaw Openclaw
CVE-2026-41378Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.3.31

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-14 explicitly identifies and limits actions permissible without identification or authentication, directly preventing privileged operator runtime write scopes on unauthenticated plugin-auth HTTP routes.

prevent

AC-3 enforces approved authorizations for access to system resources, blocking unauthenticated attackers from performing privileged runtime actions via vulnerable HTTP routes.

prevent

AC-6 applies least privilege to ensure operator runtime write scopes are granted only to authorized entities, reducing the impact of authentication bypass on plugin-auth routes.

References