CVE-2026-41376
Status: Received - Intake
Allowlist Bypass in OpenClaw Matrix Thread Access Controls

Publication date: 2026-04-28

Last updated on: 2026-05-01

Assigner: VulnCheck

Description
OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls.
Meta Information
Published: 2026-04-28
Last Modified: 2026-05-01
Generated: 2026-05-06
AI Q&A: 2026-04-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.3.31 (excluding)
CWE
CWE-346: The product does not properly verify that the source of data or communication is valid.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-41376 is a vulnerability in OpenClaw versions before 2026.3.31 that involves an allowlist bypass in the handling of Matrix thread root and reply contexts. The system fails to properly validate message senders, allowing attackers to fetch thread-root and reply context messages that should be restricted by sender allowlists. This means unauthorized senders can access or interact with messages in threads or replies that they should not be able to, bypassing access controls.


How can this vulnerability impact me?

This vulnerability can allow unauthorized users to bypass sender allowlists and access or inject thread-root and reply context messages in Matrix rooms. As a result, attackers may gain access to restricted message contexts or inject misleading or harmful context into conversations, potentially compromising the integrity and confidentiality of communications within affected OpenClaw environments.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves bypassing sender allowlists in Matrix thread root and reply context handling in OpenClaw versions up to 2026.3.28. Detection would involve checking if your OpenClaw installation is running a vulnerable version and monitoring message contexts for unauthorized sender activity.

Since the vulnerability allows unauthorized senders to fetch thread-root and reply context messages, you can detect exploitation attempts by inspecting logs or message contexts for unexpected or disallowed sender IDs in thread or reply contexts.

There are no explicit commands provided in the resources to detect this vulnerability directly on your network or system.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade OpenClaw to version 2026.3.31 or later, where the vulnerability has been fixed by enforcing sender allowlist filtering on Matrix thread root and reply context handling.

This fix includes filtering fetched room context based on configured sender allowlists, dropping thread or reply contexts from unauthorized senders, and logging such drops for monitoring.

Additionally, review and configure your sender allowlists properly at the room or group level to ensure only authorized users can send messages that affect thread or reply contexts.
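As an added example (not OpenClaw's own code), the two defensive pieces the answers above describe: the sender-allowlist filter the fix applies to fetched thread-root and reply context events, which drops events from senders outside the allowlist and records each drop, and a small scan over log lines of the kind the detection answer suggests inspecting. The event fields, the allowlist syntax (an exact Matrix user ID or a `*:homeserver` wildcard), and the log line format are all assumptions made for this example.

```javascript
// Added example, not OpenClaw code. Models the fix described above: fetched
// Matrix thread-root / reply context is filtered by a configured sender
// allowlist, disallowed events are dropped, and every drop is logged.
// Allowlist syntax (exact user ID or "*:homeserver" wildcard) and the event
// and log-line shapes are assumptions made for this example.

// True when a Matrix user ID (e.g. "@alice:example.org") matches an entry.
function senderAllowed(sender, allowlist) {
  return allowlist.some((entry) => {
    if (entry.startsWith("*:")) {
      // Wildcard over one homeserver; the ":" stays in the suffix so
      // "*:trusted.example" cannot match "@x:untrusted.example".
      return sender.endsWith(entry.slice(1));
    }
    return entry === sender;
  });
}

// Splits fetched context events into kept and dropped sets. Each drop is
// reported through `log` so it can be forwarded to monitoring.
function filterContextEvents(events, allowlist, log = console.log) {
  const kept = [];
  const dropped = [];
  for (const ev of events) {
    if (senderAllowed(ev.sender, allowlist)) {
      kept.push(ev);
      continue;
    }
    dropped.push({ event_id: ev.event_id, sender: ev.sender, kind: ev.kind });
    log(`dropped ${ev.kind} context event ${ev.event_id} from disallowed sender ${ev.sender}`);
  }
  return { kept, dropped };
}

// Detection side: scan log lines of the (constructed) form
//   "<timestamp> matrix context kind=<kind> sender=<user id> event=<id>"
// and report lines whose sender is not on the allowlist.
function findDisallowedSenders(lines, allowlist) {
  const findings = [];
  lines.forEach((line, i) => {
    const m = /sender=(\S+)/.exec(line);
    if (m && !senderAllowed(m[1], allowlist)) {
      findings.push({ line: i + 1, sender: m[1] });
    }
  });
  return findings;
}

// Constructed sample data for a stand-alone run.
const ALLOWLIST = ["@alice:example.org", "*:trusted.example"];
const SAMPLE_EVENTS = [
  { event_id: "$root1", sender: "@alice:example.org", kind: "thread_root", body: "deploy plan" },
  { event_id: "$reply1", sender: "@mallory:evil.example", kind: "reply", body: "looks fine to me" },
  { event_id: "$root2", sender: "@bob:trusted.example", kind: "thread_root", body: "status update" },
  { event_id: "$reply2", sender: "@eve:untrusted.example", kind: "reply", body: "hi" },
];
const SAMPLE_LOG = [
  "2026-04-28T10:00:00Z matrix context kind=thread_root sender=@alice:example.org event=$root1",
  "2026-04-28T10:00:05Z matrix context kind=reply sender=@mallory:evil.example event=$reply1",
  "2026-04-28T10:00:09Z matrix context kind=thread_root sender=@bob:trusted.example event=$root2",
];

const result = filterContextEvents(SAMPLE_EVENTS, ALLOWLIST);
console.log(`kept ${result.kept.length}, dropped ${result.dropped.length}`);
console.log("log findings:", findDisallowedSenders(SAMPLE_LOG, ALLOWLIST));
```

The filter is applied to the fetched context rather than only to the triggering message, which is the point of the fix: the thread root and the replied-to message are themselves sender-checked before they reach the rest of the pipeline, and the drop records give monitoring something concrete to alert on.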


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

CVE-2026-41376 allows attackers to bypass sender allowlists in Matrix thread root and reply context handling, potentially enabling unauthorized access to messages that should be restricted. This unauthorized access could lead to exposure of sensitive or private information.

Such unauthorized data access may impact compliance with data protection regulations like GDPR or HIPAA, which require strict access controls and protection of personal or sensitive information.

However, the provided information does not explicitly state or analyze the direct impact of this vulnerability on compliance with these standards.

