CVE-2026-41381
Received Received - Intake
Access Control Bypass in OpenClaw Discord Voice Manager

Publication date: 2026-04-28

Last updated on: 2026-05-01

Assigner: VulnCheck

Description
OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is performed, gaining unauthorized access to restricted voice channels.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41381
EUVD
EUVD-2026-26090
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.31 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-41381 is an access control bypass vulnerability in OpenClaw versions before 2026.3.31, specifically in the Discord voice manager component.

The flaw allows attackers to bypass channel-level member access allowlist restrictions by sending Discord voice ingress requests before the authorization checks are performed.

This means attackers can gain unauthorized access to restricted voice channels without proper permissions.

Impact Analysis

This vulnerability allows attackers to join restricted voice channels without authorization, potentially exposing sensitive communications or information shared within those channels.

Because the attacker can bypass access controls, it undermines the intended security and privacy controls of the Discord voice channels managed by OpenClaw.

The impact on confidentiality and integrity is considered low according to the CVSS v4 score, but unauthorized access can still lead to privacy violations or information leakage.

Mitigation Strategies

To mitigate this vulnerability, you should immediately update OpenClaw to version 2026.3.31 or later, where the access control bypass issue in the Discord voice manager has been fixed.

This update addresses the flaw that allowed attackers to bypass channel-level member access allowlist restrictions by sending voice ingress requests before authorization checks.

Compliance Impact

The provided information does not specify how the CVE-2026-41381 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves unauthorized Discord voice ingress requests bypassing channel-level allowlist authorization in OpenClaw versions prior to 2026.3.31.

To detect this vulnerability on your network or system, you should monitor Discord voice ingress requests and verify whether unauthorized users are able to join restricted voice channels before authorization checks are performed.

Since the issue is related to access control bypass at the application level, network-level detection might involve capturing and analyzing Discord voice ingress traffic for anomalies or unauthorized access attempts.

Specific commands are not provided in the available resources. However, general approaches could include:

  • Using network packet capture tools like tcpdump or Wireshark to monitor Discord voice traffic and identify ingress requests.
  • Reviewing OpenClaw application logs for voice channel join events and checking if unauthorized users are present.
  • Comparing user IDs in voice channels against the configured allowlist to detect unauthorized access.

For precise detection commands or scripts, you may need to refer to OpenClaw's logging or monitoring capabilities or develop custom detection based on the application's behavior.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41381. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart