CVE-2026-41300
Trust-Decline Vulnerability in OpenClaw Enables Credential Hijacking
Publication date: 2026-04-21
Last updated on: 2026-04-27
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | < 2026.3.31 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-372 | The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-41300 is a vulnerability in OpenClaw versions before 2026.3.31 involving the remote onboarding process. When an attacker-discovered endpoint URL is presented during onboarding, if the operator declines to trust this endpoint, the URL improperly persists into the manual prompt phase. This means the potentially malicious URL remains prefilled and can be accepted by the operator, allowing the attacker to route gateway credentials to their malicious endpoint.
The root cause is a trust-decline flaw where the system fails to clear or reset the discovered endpoint URL after it is declined, leading to unsafe URLs being used in manual configuration prompts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-41300 allows attacker-discovered endpoints to be preserved during remote onboarding flows, potentially routing gateway credentials to malicious endpoints if an operator accepts the prefilled malicious URL. This unauthorized redirection of sensitive credentials could lead to exposure of confidential information.
Such exposure of sensitive credentials and unauthorized access could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and disclosure.
However, the vulnerability requires manual acceptance by an operator for exploitation, which may mitigate some risk but does not eliminate the potential for non-compliance if exploited.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized redirection of sensitive gateway credentials to attacker-controlled endpoints if the operator manually accepts the prefilled malicious URL during onboarding.
As a result, attackers may gain access to gateway credentials, potentially compromising the security of the system and enabling further attacks or unauthorized access.
The vulnerability has a medium severity level with a CVSS v4 score of 6.9, indicating a significant risk if exploited.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves attacker-discovered remote WebSocket endpoints persisting through the trust decline process into manual onboarding prompts. Detection would focus on identifying if any remote onboarding flows contain unexpected or suspicious WebSocket URLs that survive trust decline.
Since the vulnerability manifests as a preserved remote URL after trust decline, you can monitor or audit onboarding logs or configuration files for any remote WebSocket URLs that should have been cleared but remain present.
Suggested commands might include searching configuration or log files for WebSocket URLs (those starting with "wss://" or "ws://") and flagging any that are not the safe default (ws://127.0.0.1:18789). For example, using grep on Linux systems:
- List every distinct WebSocket URL found in the files, with occurrence counts: `grep -rhoE 'wss?://[^[:space:]"]+' /path/to/openclaw/configs /path/to/openclaw/logs | sort | uniq -c`
- Show only URLs other than the default safe gateway URL: `grep -rhoE 'wss?://[^[:space:]"]+' /path/to/openclaw/configs /path/to/openclaw/logs | grep -vxF 'ws://127.0.0.1:18789' | sort -u`
Additionally, network monitoring tools can be used to detect connections to unexpected remote WebSocket endpoints during onboarding processes.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade OpenClaw to version 2026.3.31 or later, where the vulnerability has been fixed.
The fix ensures that when a discovered remote WebSocket URL is declined by the operator, the system resets the remote URL to a safe default local gateway URL (ws://127.0.0.1:18789), preventing malicious endpoints from being used.
Until the upgrade can be applied, operators should carefully verify any prefilled remote URL shown during manual onboarding prompts and decline any that are unexpected or suspicious.
Review onboarding procedures to ensure operators understand the risk of accepting untrusted endpoints and consider temporarily disabling remote onboarding if feasible.
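The trust-decline state handling described in the fix, and the audit check suggested under detection, modelled as an added example that is not OpenClaw's own code. The state shape, function names and sample log lines are hypothetical or constructed; only the safe default ws://127.0.0.1:18789 comes from the advisory.

```typescript
// Added example (not OpenClaw's own code): models the onboarding state the
// advisory describes. All type, field and function names are hypothetical.
const SAFE_DEFAULT_GATEWAY_URL = "ws://127.0.0.1:18789";

type TrustDecision = "pending" | "accepted" | "declined";

interface OnboardingState {
  discoveredUrl?: string;        // endpoint found during remote discovery
  trustDecision: TrustDecision;  // operator's answer to the trust prompt
}

// Vulnerable behaviour (before 2026.3.31, as described): the discovered URL is
// never cleared on decline, so it still lands in the manual prompt as prefill.
function manualPromptPrefillVulnerable(state: OnboardingState): string {
  return state.discoveredUrl ?? SAFE_DEFAULT_GATEWAY_URL;
}

// Fixed behaviour: only an explicitly accepted discovered URL may be prefilled;
// a declined or undecided discovery resets the prefill to the loopback default.
function manualPromptPrefillFixed(state: OnboardingState): string {
  if (state.trustDecision === "accepted" && state.discoveredUrl) {
    return state.discoveredUrl;
  }
  return SAFE_DEFAULT_GATEWAY_URL;
}

// Audit helper for the detection step: returns each distinct ws:// or wss://
// URL in the given config/log lines that is not the safe loopback default.
function findUnexpectedGatewayUrls(lines: string[]): string[] {
  const urlPattern = /wss?:\/\/[^\s"']+/g;
  const unexpected: string[] = [];
  for (const line of lines) {
    for (const url of line.match(urlPattern) ?? []) {
      if (url !== SAFE_DEFAULT_GATEWAY_URL && unexpected.indexOf(url) === -1) {
        unexpected.push(url);
      }
    }
  }
  return unexpected;
}

// Constructed sample lines (not real OpenClaw output) for the audit helper.
const SAMPLE_LOG_LINES: string[] = [
  "onboarding: discovered remote gateway wss://gateway.example.invalid:443/ws",
  "onboarding: operator declined trust for discovered endpoint",
  'onboarding: manual prompt default="wss://gateway.example.invalid:443/ws"',
  "gateway: listening on ws://127.0.0.1:18789",
];
```

Running `findUnexpectedGatewayUrls(SAMPLE_LOG_LINES)` over the constructed lines surfaces the declined remote URL that survived into the manual prompt, which is exactly the condition the detection guidance above asks operators to look for.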