No public POC found.

| CVE | CVSS | Title |
|---|---|---|
| CVE-2026-41386 | 9.1 CRITICAL | OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes |
| CVE-2026-42422 | 8.8 HIGH | OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function |
| CVE-2026-41378 | 8.8 HIGH | OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node |
| CVE-2026-41404 | 8.8 HIGH | OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authenticatio |
| CVE-2026-42426 | 8.8 HIGH | OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope |
| CVE-2026-41914 | 8.5 HIGH | OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths |
| CVE-2026-41394 | 8.2 HIGH | OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth R |
| CVE-2026-42431 | 8.1 HIGH | OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass |
| CVE-2026-41383 | 8.1 HIGH | OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths |
| CVE-2026-41387 | 7.8 HIGH | OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitizati |
| CVE-2026-41384 | 7.8 HIGH | OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend |
| CVE-2026-42432 | 7.8 HIGH | OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass |
| CVE-2026-41396 | 7.8 HIGH | OpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust Root |
| CVE-2026-41912 | 7.6 HIGH | OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered |
| CVE-2026-42423 | 7.5 HIGH | OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallb |
| CVE-2026-41405 | 7.5 HIGH | OpenClaw < 2026.3.31 - Resource Exhaustion via Unauthenticated MS Teams Webhook Body Parsi |
| CVE-2026-41399 | 7.5 HIGH | OpenClaw < 2026.3.28 - Denial of Service via Unbounded Pre-auth WebSocket Upgrades |
| CVE-2026-41395 | 7.5 HIGH | OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3 |
| CVE-2026-41380 | 7.3 HIGH | OpenClaw < 2026.3.28 - Arbitrary Execution Allowlist via Wrapper Carrier Executables |
| CVE-2026-41390 | 7.3 HIGH | OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper |
Showing top 20 of 53 CVEs.