CVE-2026-41380
Received Received - Intake
Execution Approval Bypass in OpenClaw exec-approvals-allowlist.ts

Publication date: 2026-04-28

Last updated on: 2026-05-01

Assigner: VulnCheck

Description
OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to establish broader allowlist entries than intended, weakening execution approval boundaries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41380
EUVD
EUVD-2026-26089
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.28 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-807 The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-41380 is a vulnerability in OpenClaw versions before 2026.3.28 involving the execution approval system. The flaw occurs because the allow-always persistence mechanism trusts wrapper carrier executables (dispatch or wrapper executables used to invoke commands) instead of the actual target executables. This means attackers can exploit the routing through these wrapper executables to create broader allowlist entries than intended, weakening the execution approval boundaries.

This vulnerability is classified under CWE-807, which relates to reliance on untrusted inputs in security decisions, and it allows unauthorized code execution by bypassing intended execution restrictions.

Impact Analysis

This vulnerability can allow an attacker with local access and low privileges to exploit the execution approval system by leveraging wrapper carrier executables to persist broader allowlist entries than intended.

As a result, unauthorized commands or code can be executed, potentially compromising the confidentiality, integrity, and availability of the affected system.

  • Local exploitation with low complexity and low privileges required.
  • Requires some user interaction.
  • High impact on confidentiality, integrity, and availability.
Mitigation Strategies

To mitigate CVE-2026-41380, you should upgrade OpenClaw to version 2026.3.28 or later, where the vulnerability has been fixed.

The fix rejects wrapper carrier executables as valid allow-always targets, ensuring that only the actual invoked target executables are trusted, thereby restoring proper execution approval boundaries.

Compliance Impact

The vulnerability in OpenClaw allows unauthorized code execution by weakening execution approval boundaries, which can lead to high impacts on confidentiality, integrity, and availability of data.

Such impacts could potentially affect compliance with standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive data and ensure system integrity and availability.

However, the provided information does not explicitly discuss or analyze the direct effects of this vulnerability on compliance with these or other common standards and regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41380. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart