CVE-2026-41300 PUBLISHED

OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding

Assigner: VulnCheck
Reserved: 20.04.2026 Published: 20.04.2026 Updated: 20.04.2026

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor OpenClaw
Product OpenClaw
Versions Default: unaffected
  • affected from 0 to 2026.3.31 (excl.)
  • Version 2026.3.31 is unaffected

Credits

  • zsx (@zsxsoft) reporter
  • KeenSecurityLab finder

References

Problem Types

  • CWE-372: Incomplete Internal State Distinction CWE