Compliance Impact

The provided information does not specify any direct impact of CVE-2026-41375 on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-41375 is an authorization bypass vulnerability in OpenClaw versions before 2026.3.28. It affects the /phone arm and /phone disarm API endpoints, which fail to properly enforce the operator.admin scope checks for external channels. This means that attackers with limited privileges can bypass authentication restrictions and arm or disarm phone channels without having the necessary administrative rights.

The vulnerability is classified under CWE-863 (Incorrect Authorization) and is considered a medium severity risk because it allows privilege escalation through improper access control on critical phone management functions.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows unauthorized users to perform administrative actions such as arming or disarming phone channels without proper privileges. This can lead to unauthorized control over phone systems, potentially disrupting communications or enabling malicious activities.

Because the vulnerability bypasses authentication restrictions, it can be exploited by attackers on external channels, increasing the risk of privilege escalation and unauthorized configuration changes.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves unauthorized access to the /phone arm and /phone disarm API endpoints without proper administrative privileges. To detect exploitation attempts on your network or system, you should monitor calls to these endpoints, especially those originating from external channels.

Suggested detection steps include:

• Monitor API logs for calls to /phone arm and /phone disarm endpoints from users or clients lacking the operator.admin scope.
• Check for unexpected arming or disarming of phone channels initiated by non-administrative users.
• Use network monitoring tools to filter and analyze traffic targeting these endpoints, focusing on external channels such as telegram or other non-webchat sources.
• If possible, run commands or scripts that query the system's current phone channel status and recent changes to detect unauthorized state changes.

Specific commands are not provided in the available resources, but focusing on API access logs and permission scope checks is recommended.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to update OpenClaw to version 2026.3.28 or later, which contains the patch that enforces the operator.admin scope check on all channels for the /phone arm and /phone disarm endpoints.

• Upgrade OpenClaw to version 2026.3.28 or newer to apply the official fix.
• Restrict access to the /phone arm and /phone disarm endpoints to only trusted administrative users until the patch is applied.
• Review and tighten permissions on external channels to prevent unauthorized users from accessing sensitive phone control commands.

These steps will prevent unauthorized users from bypassing authentication restrictions and performing privileged actions on phone channels.

Useful 0 Not Useful 0