CVE-2026-41380
Execution Approval Bypass in OpenClaw exec-approvals-allowlist.ts
Publication date: 2026-04-28
Last updated on: 2026-05-01
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | all versions before 2026.3.28 (2026.3.28 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-807 | The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in OpenClaw allows unauthorized code execution by weakening execution approval boundaries, which can lead to high impacts on confidentiality, integrity, and availability of data.
Such impacts could potentially affect compliance with standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive data and ensure system integrity and availability.
However, the provided information does not explicitly discuss or analyze the direct effects of this vulnerability on compliance with these or other common standards and regulations.
Can you explain this vulnerability to me?
CVE-2026-41380 is a vulnerability in OpenClaw versions before 2026.3.28 involving the execution approval system. The flaw is that the allow-always persistence mechanism trusts the wrapper carrier executable (a dispatch or wrapper executable used to invoke another command) instead of the target executable that is actually run. When a command is routed through such a wrapper, the allowlist entry that gets persisted covers the wrapper rather than the specific target the user approved, so the entry is broader than intended and the execution approval boundary is weakened.
This vulnerability is classified under CWE-807 (reliance on untrusted inputs in a security decision): the approval decision depends on an input, the carrier executable, that an attacker can choose. The result is that commands can be executed without the intended per-target approval.
How can this vulnerability impact me?
This vulnerability can allow an attacker with local access and low privileges to exploit the execution approval system by leveraging wrapper carrier executables to persist broader allowlist entries than intended.
As a result, unauthorized commands or code can be executed, potentially compromising the confidentiality, integrity, and availability of the affected system.
- Local exploitation with low complexity and low privileges required.
- Requires some user interaction.
- High impact on confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2026-41380, you should upgrade OpenClaw to version 2026.3.28 or later, where the vulnerability has been fixed.
The fix rejects wrapper carrier executables as valid allow-always targets, ensuring that only the actual invoked target executables are trusted, thereby restoring proper execution approval boundaries.
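The following TypeScript models the allow-always decision described in the explanation and the mitigation answer above. It is an added illustration, not OpenClaw's code: the function names, the set of wrapper carriers and the sample commands are assumptions constructed for the example.

```typescript
// Added example for CVE-2026-41380; not OpenClaw's exec-approvals-allowlist.ts.
// Assumed set of wrapper/dispatch executables that only forward to another
// program named in their arguments (constructed for this example).
const WRAPPER_CARRIERS: ReadonlySet<string> = new Set(["env", "nohup", "nice"]);

function basename(path: string): string {
  const i = path.lastIndexOf("/");
  return i === -1 ? path : path.slice(i + 1);
}

// Pre-fix behaviour as the advisory describes it: the allow-always entry is
// keyed on the executable as typed. If that is a wrapper carrier, the entry
// matches every future command routed through the same carrier.
export function allowAlwaysKeyVulnerable(argv: readonly string[]): string | null {
  const first = argv[0];
  return first === undefined ? null : basename(first);
}

// Post-fix behaviour: a wrapper carrier is rejected as an allow-always target,
// so nothing is persisted for it and the user is prompted again next time.
export function allowAlwaysKeyFixed(argv: readonly string[]): string | null {
  const key = allowAlwaysKeyVulnerable(argv);
  return key !== null && WRAPPER_CARRIERS.has(key) ? null : key;
}

type KeyFn = (argv: readonly string[]) => string | null;

// Persist an "allow always" answer and report whether a later command would
// be auto-approved by the stored entry under the given keying rule.
export function laterCommandAutoApproved(
  approved: readonly string[], later: readonly string[], keyFn: KeyFn,
): boolean {
  const allowlist = new Set<string>();
  const stored = keyFn(approved);
  if (stored !== null) allowlist.add(stored);
  const probe = keyFn(later);
  return probe !== null && allowlist.has(probe);
}

// Constructed scenario: the user allows "env deploy-script" once and for all;
// a different program is then launched through the same carrier.
export function demo(): { vulnerable: boolean; fixed: boolean } {
  const approved = ["/usr/bin/env", "deploy-script"];
  const later = ["/usr/bin/env", "some-other-program"];
  return {
    vulnerable: laterCommandAutoApproved(approved, later, allowAlwaysKeyVulnerable),
    fixed: laterCommandAutoApproved(approved, later, allowAlwaysKeyFixed),
  };
}
```

Under the vulnerable keying the second command is approved without a prompt because the stored entry is `env`; under the fixed keying no entry is stored for the carrier, so the second command is not auto-approved.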