CVE-2026-41379
Status: Received - Intake
Privilege Escalation in OpenClaw Voice Configuration via chat.send

Publication date: 2026-04-28

Last updated on: 2026-05-01

Assigner: VulnCheck

Description
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voice configuration settings intended for administrators only.
Meta Information
Published: 2026-04-28
Last Modified: 2026-05-01
Generated: 2026-05-06
AI Q&A: 2026-04-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version range: up to 2026.3.28 (excluding)
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability allows an attacker with operator.write privileges to escalate their access and modify sensitive voice configuration settings intended only for administrators.

Such unauthorized changes could lead to unauthorized control over voice communication settings, potentially disrupting service or enabling further attacks.

Because the vulnerability can be exploited remotely over the network without user interaction, it poses a moderate to high risk if left unpatched.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unauthorized use of the `/voice set` command via the chat.send endpoint by users with only operator.write privileges.

Specifically, you can check logs or audit trails for attempts to execute `/voice set` commands originating from gateway clients (such as webchat) by users lacking operator.admin scope.

Suggested commands include reviewing access logs for chat.send endpoint usage and filtering for operator.write users executing `/voice set` commands.

  • Search logs for `/voice set` commands issued by operator.write users.
  • Monitor network traffic for chat.send endpoint requests from operator.write accounts.
  • Use application-specific audit or debug logs to identify scope violations related to voice configuration changes.
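The log-hunting approach described in the three bullets above, as an added example that is not part of the original page and not OpenClaw's own tooling. It scans constructed JSON audit lines (the field names `method`, `client`, `user`, `scopes` and `text` are assumptions, not OpenClaw's real log schema) and reports every `chat.send` request carrying a `/voice set` command from a client whose scopes lack `operator.admin`. Matching is deliberately case-insensitive so a hunt does not miss variant spellings; tighten it if your logs show the command is matched exactly.

```python
"""Hunt gateway audit logs for /voice set issued over chat.send without operator.admin.

Added example, not OpenClaw code. Log format and field names are assumed.
"""
import json
from collections import Counter
from typing import Dict, Iterable, List

REQUIRED_SCOPE = "operator.admin"
SENSITIVE_COMMAND = "/voice set"
SENSITIVE_METHOD = "chat.send"

# Constructed sample lines (assumed schema). One legitimate admin call, one
# harmless message, two scope violations, one unrelated method, one junk line.
SAMPLE_LOG = """\
{"ts":"2026-04-29T10:01:02Z","method":"chat.send","client":"webchat","user":"alice","scopes":["operator.admin","operator.write"],"text":"/voice set tts.provider=acme"}
{"ts":"2026-04-29T10:02:10Z","method":"chat.send","client":"webchat","user":"bob","scopes":["operator.write"],"text":"hello team"}
{"ts":"2026-04-29T10:03:44Z","method":"chat.send","client":"webchat","user":"bob","scopes":["operator.write"],"text":"/voice set tts.provider=other"}
{"ts":"2026-04-29T10:04:01Z","method":"chat.send","client":"cli","user":"carol","scopes":["operator.read"],"text":"/VOICE SET rate=2"}
{"ts":"2026-04-29T10:05:00Z","method":"voice.get","client":"webchat","user":"bob","scopes":["operator.write"],"text":""}
this line is not JSON and must be skipped
"""


def is_voice_set(text: str) -> bool:
    """True when the message text is a /voice set command (case-insensitive)."""
    return text.strip().lower().startswith(SENSITIVE_COMMAND)


def find_scope_violations(lines: Iterable[str]) -> List[Dict]:
    """Return audit events where /voice set went through chat.send without operator.admin."""
    hits: List[Dict] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed or non-JSON line: skip rather than abort the hunt
        if event.get("method") != SENSITIVE_METHOD:
            continue
        if not is_voice_set(event.get("text", "")):
            continue
        if REQUIRED_SCOPE in event.get("scopes", []):
            continue  # an admin issuing /voice set is expected behaviour
        hits.append(event)
    return hits


def violations_by_user(lines: Iterable[str]) -> Dict[str, int]:
    """Count violating events per user, handy for a quick triage summary."""
    return dict(Counter(ev.get("user", "<unknown>") for ev in find_scope_violations(lines)))


if __name__ == "__main__":
    for ev in find_scope_violations(SAMPLE_LOG.splitlines()):
        print(f"{ev['ts']} user={ev['user']} client={ev['client']} scopes={ev['scopes']} text={ev['text']!r}")
    print(violations_by_user(SAMPLE_LOG.splitlines()))
```

Run it against real exported audit lines by replacing `SAMPLE_LOG` with a file read; any hit on a version before 2026.3.28 is worth an incident ticket, and on a patched version a hit indicates the fix is not behaving as expected.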

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade OpenClaw to version 2026.3.28 or later, where the vulnerability has been fixed.

The fix enforces that only clients with the operator.admin scope can execute the `/voice set` command via gateway clients, preventing unauthorized privilege escalation.

Until the upgrade is applied, restrict operator.write privileges to trusted users only and monitor for suspicious use of the chat.send endpoint.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not explicitly address how CVE-2026-41379 affects compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

CVE-2026-41379 is a privilege escalation vulnerability in OpenClaw versions before 2026.3.28. It allows authenticated users with operator.write permissions to exploit the chat.send endpoint to access and modify admin-level Talk Voice configuration persistence, which should only be accessible to administrators.

The root cause is improper privilege management where the system fails to enforce that only users with the operator.admin scope can perform certain voice configuration changes. This flaw lets lower-privileged operators indirectly write persistent admin-class voice settings via the `/voice set` command through gateway clients like webchat.

The vulnerability was fixed by adding explicit scope enforcement requiring operator.admin privileges for these sensitive commands when issued from gateway clients.
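The CWE-863 pattern the mitigation and explanation sections describe, modelled as an added example that is not OpenClaw's code: a `chat.send` handler whose only check is `operator.write`, placed beside a hardened handler that additionally requires `operator.admin` when a `/voice set` command arrives from a gateway client. Client kinds, scope names on the `Client` object, the in-memory `voice_config` store and the `chat_send_*` function names are all assumptions made for illustration.

```python
"""Weak authorization check beside its hardened form for a chat.send handler.

Added example, not OpenClaw code. The handler, client model and config store
are hypothetical; only the scope names and command come from the advisory.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet

GATEWAY_CLIENTS = {"webchat"}  # assumed set of gateway client kinds
VOICE_SET = "/voice set"


class Forbidden(Exception):
    """Raised when the caller lacks the scope the operation requires."""


@dataclass(frozen=True)
class Client:
    kind: str              # e.g. "webchat" (gateway) or "cli"
    scopes: FrozenSet[str]  # e.g. {"operator.write"} or {"operator.write", "operator.admin"}


def _is_voice_set(text: str) -> bool:
    return text.strip().lower().startswith(VOICE_SET)


def _apply_voice_set(text: str, voice_config: Dict[str, str]) -> str:
    """Persist 'key=value' from '/voice set key=value' into the admin-class store."""
    rest = text.strip()[len(VOICE_SET):].strip()
    key, _, value = rest.partition("=")
    voice_config[key] = value
    return "voice updated"


def chat_send_vulnerable(client: Client, text: str, voice_config: Dict[str, str]) -> str:
    """Before: a check is performed, but it is the wrong check for what the text does.

    operator.write is enough to send a chat message, yet the message text is
    dispatched to /voice set, an admin-class side effect, without any further
    scope check. That is the CWE-863 shape the advisory describes.
    """
    if "operator.write" not in client.scopes:
        raise Forbidden("operator.write required for chat.send")
    if _is_voice_set(text):
        return _apply_voice_set(text, voice_config)
    return "message sent"


def chat_send_fixed(client: Client, text: str, voice_config: Dict[str, str]) -> str:
    """After: /voice set from a gateway client is gated on operator.admin."""
    if "operator.write" not in client.scopes:
        raise Forbidden("operator.write required for chat.send")
    if _is_voice_set(text):
        if client.kind in GATEWAY_CLIENTS and "operator.admin" not in client.scopes:
            raise Forbidden("operator.admin required for /voice set via gateway clients")
        return _apply_voice_set(text, voice_config)
    return "message sent"


def is_allowed(handler: Callable, client: Client, text: str, voice_config: Dict[str, str]) -> bool:
    """Convenience wrapper: True if the handler accepted the request, False if it refused."""
    try:
        handler(client, text, voice_config)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    writer = Client("webchat", frozenset({"operator.write"}))
    admin = Client("webchat", frozenset({"operator.write", "operator.admin"}))
    cmd = "/voice set tts.provider=example"
    print("vulnerable, writer:", is_allowed(chat_send_vulnerable, writer, cmd, {}))  # True
    print("fixed, writer:     ", is_allowed(chat_send_fixed, writer, cmd, {}))       # False
    print("fixed, admin:      ", is_allowed(chat_send_fixed, admin, cmd, {}))        # True
```

The point to carry over to your own code review is that the fixed handler checks the scope against the effect of the request (persisting admin-class configuration), not merely against the endpoint the request arrived on.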

