CVE-2026-41371
Privilege Escalation in OpenClaw chat.send via Improper Authorization
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to 2026.3.28 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized privilege escalation, enabling attackers to reset sessions, archive prior transcript states, and force new session IDs without admin privileges.
Such unauthorized access and manipulation of session data could potentially lead to violations of data protection and privacy regulations like GDPR and HIPAA, which require strict controls over access to sensitive information and session integrity.
However, the provided information does not explicitly state the direct impact on compliance with these standards.
Can you explain this vulnerability to me?
CVE-2026-41371 is a privilege escalation vulnerability in OpenClaw versions before 2026.3.28 that affects the chat.send API path.
The vulnerability occurs because the chat.send function improperly reuses command authorization, allowing users with write-scoped gateway permissions (operator.write) to perform admin-only session reset operations.
This flaw lets attackers rotate target sessions, archive previous transcript states, and force the creation of new session IDs without needing admin privileges, due to incorrect authorization checks.
The issue is classified under CWE-284 (Improper Access Control) and CWE-863 (Incorrect Authorization) and was fixed in version 2026.3.28.
How can this vulnerability impact me?
This vulnerability can allow an attacker with write-scoped gateway permissions to escalate their privileges and perform admin-only operations.
Specifically, attackers can rotate user sessions, archive prior chat transcript states, and force new session IDs, potentially disrupting session integrity and availability.
Such unauthorized session resets could lead to denial of service or manipulation of session data, impacting the reliability and trustworthiness of the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper authorization checks in the chat.send API path, which allow write-scoped gateway callers to perform admin-only session reset operations. Detection would involve monitoring for session reset commands triggered by users without admin privileges.
Specifically, you can look for calls to the chat.send function that result in session rotation, transcript archiving, or new session ID creation initiated by users with only write-scoped permissions.
Since the vulnerability is related to the misuse of the chat.send API, network or application logs capturing API calls and their authorization scopes should be analyzed.
No explicit detection commands or scripts are provided in the available resources.
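As an added example (not from the advisory or the OpenClaw project), the following script applies the log review described above to constructed JSON gateway records: it flags chat.send calls that rotated a session while the caller lacked an admin scope. The record fields and the scope name `operator.admin` are assumptions; only `operator.write` and `chat.send` come from the advisory.

```python
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample gateway log lines (hypothetical schema; OpenClaw's real
# log format is not given on the page). One JSON object per line.
SAMPLE_LOG = """\
{"ts":"2026-04-20T10:01:02Z","actor":"alice","scopes":["operator.write"],"method":"chat.send","session":"s-1","reset":false}
{"ts":"2026-04-20T10:02:15Z","actor":"bob","scopes":["operator.write"],"method":"chat.send","session":"s-7","reset":true,"new_session":"s-8"}
{"ts":"2026-04-20T10:03:40Z","actor":"root","scopes":["operator.admin","operator.write"],"method":"chat.send","session":"s-2","reset":true,"new_session":"s-3"}
{"ts":"2026-04-20T10:04:01Z","actor":"carol","scopes":["operator.read"],"method":"chat.history","session":"s-1"}
not json at all
"""

ADMIN_SCOPE = "operator.admin"  # assumed name of the admin-level gateway scope


@dataclass
class Finding:
    ts: str
    actor: str
    session: str
    new_session: Optional[str]


def is_session_reset(rec: dict) -> bool:
    """True for a chat.send call that rotated the session (reset flag or a new session id)."""
    if rec.get("method") != "chat.send":
        return False
    rotated = rec.get("new_session") not in (None, rec.get("session"))
    return bool(rec.get("reset")) or rotated


def find_unprivileged_resets(log_text: str) -> List[Finding]:
    """Return session resets via chat.send issued by callers without the admin scope.

    On an unpatched gateway these succeed for operator.write callers
    (CVE-2026-41371); after the fix they should be rejected, so any hit
    in the logs deserves investigation.
    """
    findings: List[Finding] = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise instead of aborting the scan
        if not is_session_reset(rec) or ADMIN_SCOPE in rec.get("scopes", []):
            continue  # not a reset, or an admin-scoped (legitimate) reset
        findings.append(Finding(rec.get("ts", ""), rec.get("actor", "?"),
                                rec.get("session", "?"), rec.get("new_session")))
    return findings


if __name__ == "__main__":
    for f in find_unprivileged_resets(SAMPLE_LOG):
        print(f"{f.ts} {f.actor} reset session {f.session} -> {f.new_session}")
```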
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.3.28 or later, where the issue has been fixed by aligning the scope checks for the chat.send reset command.
Until the upgrade can be applied, restrict or monitor access to the chat.send API, especially for users with write-scoped gateway permissions, to prevent unauthorized session reset operations.
Review and tighten authorization policies to ensure that only admin-scoped users can perform session reset operations.