CVE-2026-41376— OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41376
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
源验证错误
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.31之前版本存在访问控制错误漏洞,该漏洞源于Matrix线程根和回复上下文处理中的允许列表绕过漏洞,未能正确验证消息发送者。攻击者可以获取应由发送者允许列表过滤的线程根和回复上下文消息,绕过访问控制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-41376
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41376
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-04-28 · 53 CVEs total
| CVE-2026-41386 | 9.1 CRITICAL | OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes |
| CVE-2026-42422 | 8.8 HIGH | OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function |
| CVE-2026-41378 | 8.8 HIGH | OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node |
| CVE-2026-41404 | 8.8 HIGH | OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authenticatio |
| CVE-2026-42426 | 8.8 HIGH | OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope |
| CVE-2026-41914 | 8.5 HIGH | OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths |
| CVE-2026-41394 | 8.2 HIGH | OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth R |
| CVE-2026-42431 | 8.1 HIGH | OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass |
| CVE-2026-41383 | 8.1 HIGH | OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths |
| CVE-2026-41387 | 7.8 HIGH | OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitizati |
| CVE-2026-41384 | 7.8 HIGH | OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend |
| CVE-2026-42432 | 7.8 HIGH | OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass |
| CVE-2026-41396 | 7.8 HIGH | OpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust Root |
| CVE-2026-41912 | 7.6 HIGH | OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered |
| CVE-2026-42423 | 7.5 HIGH | OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallb |
| CVE-2026-41405 | 7.5 HIGH | OpenClaw < 2026.3.31 - Resource Exhaustion via Unauthenticated MS Teams Webhook Body Parsi |
| CVE-2026-41399 | 7.5 HIGH | OpenClaw < 2026.3.28 - Denial of Service via Unbounded Pre-auth WebSocket Upgrades |
| CVE-2026-41395 | 7.5 HIGH | OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3 |
| CVE-2026-41380 | 7.3 HIGH | OpenClaw < 2026.3.28 - Arbitrary Execution Allowlist via Wrapper Carrier Executables |
| CVE-2026-41390 | 7.3 HIGH | OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper |
Showing top 20 of 53 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-346
- CVE-2026-6508
RCE in TUBITAK BILGEM's Liderahenk - CVE-2026-43870
Apache Thrift: Node.js web_server.js multi-vulnerability - CVE-2026-7439
AgentFlow Local Web API Content-Type Validation Bypass - CVE-2026-41398
OpenClaw - Unauthorized Agent Request Dispatch via Untrusted - CVE-2026-41393
OpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance an
V. Comments for CVE-2026-41376
No comments yet