CVE-2026-41371 PUBLISHED

OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command

Assigner: VulnCheck
Reserved: 20.04.2026 Published: 27.04.2026 Updated: 27.04.2026

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin scope by exploiting improper authorization checks in the chat.send path.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L
CVSS Score: 8.4

Product Status

Vendor OpenClaw
Product OpenClaw
Versions Default: unaffected
  • affected from 0 to 2026.3.28 (excl.)
  • Version 2026.3.28 is unaffected

Credits

  • Peng Zhou (@zpbrent) reporter

References

Problem Types

  • CWE-863: Incorrect Authorization CWE