CVE-2026-41371
Received Received - Intake
Privilege Escalation in OpenClaw chat.send via Improper Authorization

Publication date: 2026-04-28

Last updated on: 2026-04-28

Assigner: VulnCheck

Description
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin scope by exploiting improper authorization checks in the chat.send path.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41371
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.28 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-41371 is a privilege escalation vulnerability in OpenClaw versions before 2026.3.28 that affects the chat.send API path.

The vulnerability occurs because the chat.send function improperly reuses command authorization, allowing users with write-scoped gateway permissions (operator.write) to perform admin-only session reset operations.

This flaw lets attackers rotate target sessions, archive previous transcript states, and force the creation of new session IDs without needing admin privileges, due to incorrect authorization checks.

The issue is classified under CWE-284 (Improper Access Control) and CWE-863 (Incorrect Authorization) and was fixed in version 2026.3.28.

Impact Analysis

This vulnerability can allow an attacker with write-scoped gateway permissions to escalate their privileges and perform admin-only operations.

Specifically, attackers can rotate user sessions, archive prior chat transcript states, and force new session IDs, potentially disrupting session integrity and availability.

Such unauthorized session resets could lead to denial of service or manipulation of session data, impacting the reliability and trustworthiness of the system.

Detection Guidance

This vulnerability involves improper authorization checks in the chat.send API path allowing write-scoped gateway callers to perform admin-only session reset operations. Detection would involve monitoring for unusual session reset commands triggered by users without admin privileges.

Specifically, you can look for calls to the chat.send function that result in session rotation, transcript archiving, or new session ID creation initiated by users with only write-scoped permissions.

Since the vulnerability is related to the misuse of the chat.send API, network or application logs capturing API calls and their authorization scopes should be analyzed.

No explicit detection commands or scripts are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.3.28 or later, where the issue has been fixed by aligning the scope checks for the chat.send reset command.

Until the upgrade can be applied, restrict or monitor access to the chat.send API, especially for users with write-scoped gateway permissions, to prevent unauthorized session reset operations.

Review and tighten authorization policies to ensure that only admin-scoped users can perform session reset operations.

Compliance Impact

The vulnerability allows unauthorized privilege escalation enabling attackers to reset sessions, archive prior transcript states, and force new session IDs without admin privileges.

Such unauthorized access and manipulation of session data could potentially lead to violations of data protection and privacy regulations like GDPR and HIPAA, which require strict controls over access to sensitive information and session integrity.

However, the provided information does not explicitly state the direct impact on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41371. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart