CVE-2026-41379
Received Received - Intake
Privilege Escalation in OpenClaw Voice Configuration via chat.send

Publication date: 2026-04-28

Last updated on: 2026-05-01

Assigner: VulnCheck

Description
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voice configuration settings intended for administrators only.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-14
NVD
CVE-2026-41379
EUVD
EUVD-2026-26088
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.28 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not explicitly address how CVE-2026-41379 affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized use of the `/voice set` command via the chat.send endpoint by users with only operator.write privileges.

Specifically, you can check logs or audit trails for attempts to execute `/voice set` commands originating from gateway clients (such as webchat) by users lacking operator.admin scope.

Suggested commands include reviewing access logs for chat.send endpoint usage and filtering for operator.write users executing `/voice set` commands.

  • Search logs for `/voice set` commands issued by operator.write users.
  • Monitor network traffic for chat.send endpoint requests from operator.write accounts.
  • Use application-specific audit or debug logs to identify scope violations related to voice configuration changes.
Mitigation Strategies

The immediate mitigation step is to upgrade OpenClaw to version 2026.3.28 or later, where the vulnerability has been fixed.

The fix enforces that only clients with the operator.admin scope can execute the `/voice set` command via gateway clients, preventing unauthorized privilege escalation.

Until the upgrade is applied, restrict operator.write privileges to trusted users only and monitor for suspicious use of the chat.send endpoint.

Impact Analysis

This vulnerability allows an attacker with operator.write privileges to escalate their access and modify sensitive voice configuration settings intended only for administrators.

Such unauthorized changes could lead to unauthorized control over voice communication settings, potentially disrupting service or enabling further attacks.

Because the vulnerability can be exploited remotely over the network without user interaction, it poses a moderate to high risk if left unpatched.

Executive Summary

CVE-2026-41379 is a privilege escalation vulnerability in OpenClaw versions before 2026.3.28. It allows authenticated users with operator.write permissions to exploit the chat.send endpoint to access and modify admin-level Talk Voice configuration persistence, which should only be accessible to administrators.

The root cause is improper privilege management where the system fails to enforce that only users with the operator.admin scope can perform certain voice configuration changes. This flaw lets lower-privileged operators indirectly write persistent admin-class voice settings via the /voice set command through gateway clients like webchat.

The vulnerability was fixed by adding explicit scope enforcement requiring operator.admin privileges for these sensitive commands when issued from gateway clients.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41379. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart