Compliance Impact

CVE-2026-41300 allows attacker-discovered endpoints to be preserved during remote onboarding flows, potentially routing gateway credentials to malicious endpoints if an operator accepts the prefilled malicious URL. This unauthorized redirection of sensitive credentials could lead to exposure of confidential information.

Such exposure of sensitive credentials and unauthorized access could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and disclosure.

However, the vulnerability requires manual acceptance by an operator for exploitation, which may mitigate some risk but does not eliminate the potential for non-compliance if exploited.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-41300 is a vulnerability in OpenClaw versions before 2026.3.31 involving the remote onboarding process. When an attacker-discovered endpoint URL is presented during onboarding, if the operator declines to trust this endpoint, the URL improperly persists into the manual prompt phase. This means the potentially malicious URL remains prefilled and can be accepted by the operator, allowing the attacker to route gateway credentials to their malicious endpoint.

The root cause is a trust-decline flaw where the system fails to clear or reset the discovered endpoint URL after it is declined, leading to unsafe URLs being used in manual configuration prompts.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized redirection of sensitive gateway credentials to attacker-controlled endpoints if the operator manually accepts the prefilled malicious URL during onboarding.

As a result, attackers may gain access to gateway credentials, potentially compromising the security of the system and enabling further attacks or unauthorized access.

The vulnerability has a medium severity level with a CVSS v4 score of 6.9, indicating a significant risk if exploited.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves attacker-discovered remote WebSocket endpoints persisting through the trust decline process into manual onboarding prompts. Detection would focus on identifying if any remote onboarding flows contain unexpected or suspicious WebSocket URLs that survive trust decline.

Since the vulnerability manifests as a preserved remote URL after trust decline, you can monitor or audit onboarding logs or configuration files for any remote WebSocket URLs that should have been cleared but remain present.

Suggested commands might include searching configuration or log files for WebSocket URLs (e.g., URLs starting with "wss://" or "ws://") that are not the safe default (ws://127.0.0.1:18789). For example, using grep on Linux systems:

• grep -rE 'wss?://[^ ]+' /path/to/openclaw/configs /path/to/openclaw/logs
• Check for any URLs other than the default safe gateway URL (ws://127.0.0.1:18789) appearing in these files.

Additionally, network monitoring tools can be used to detect connections to unexpected remote WebSocket endpoints during onboarding processes.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade OpenClaw to version 2026.3.31 or later, where the vulnerability has been fixed.

The fix ensures that when a discovered remote WebSocket URL is declined by the operator, the system resets the remote URL to a safe default local gateway URL (ws://127.0.0.1:18789), preventing malicious endpoints from being used.

Until the upgrade can be applied, operators should be vigilant during manual onboarding prompts to carefully verify and not accept any prefilled remote URLs that are unexpected or suspicious.

Review onboarding procedures to ensure operators understand the risk of accepting untrusted endpoints and consider temporarily disabling remote onboarding if feasible.

Useful 0 Not Useful 0