CVE-2026-41390
Received Received - Intake
Execution Allowlist Bypass in OpenClaw Enables Persistent Trust Abuse

Publication date: 2026-04-28

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execute different underlying programs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41390
EUVD
EUVD-2026-26098
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.28 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-807 The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows attackers to bypass authorization controls, leading to high impact on confidentiality, integrity, and availability of data.

Such unauthorized access and potential data modification or disruption could negatively affect compliance with standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive data and ensure system integrity.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

Executive Summary

CVE-2026-41390 is a vulnerability in OpenClaw versions before 2026.3.28 involving the exec allowlist feature's allow-always persistence mechanism. The issue is that the system fails to properly unwrap command wrappers like /usr/bin/script before storing trust decisions. This means that when a user approves a wrapped command, the system incorrectly grants persistent trust to the wrapper binary itself rather than the actual underlying executable.

As a result, an attacker can exploit this by obtaining user approval for one wrapped command, which then allows the wrapper binary to execute different, potentially unauthorized programs without further user consent.

Impact Analysis

This vulnerability can have a high impact on confidentiality, integrity, and availability of your system. Exploitation allows attackers to bypass authorization controls by executing unauthorized programs through trusted wrapper binaries.

  • Unauthorized access to sensitive data (confidentiality impact).
  • Modification or corruption of data or system state (integrity impact).
  • Disruption of service or system availability (availability impact).

The attack requires local access with low privileges and user interaction, but once exploited, it can lead to significant unauthorized actions on the system.

Mitigation Strategies

To mitigate the CVE-2026-41390 vulnerability, you should upgrade OpenClaw to version 2026.3.28 or later, where the issue with unwrapping script wrappers before storing trust decisions has been fixed.

This update ensures that trust is correctly assigned to the actual executed binaries rather than their wrappers, preventing attackers from bypassing the exec allowlist.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41390. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart