CVE-2026-41910— OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41910
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.4.8之前版本存在安全漏洞,该漏洞源于在/allowlist端点中缺少仅所有者执行的跨通道允许列表写入,可能导致授权的非所有者发送者绕过访问控制进行允许列表修改。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-41910
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41910
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-04-28 · 53 CVEs total
| CVE-2026-41386 | 9.1 CRITICAL | OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes |
| CVE-2026-42422 | 8.8 HIGH | OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function |
| CVE-2026-41404 | 8.8 HIGH | OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authenticatio |
| CVE-2026-41378 | 8.8 HIGH | OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node |
| CVE-2026-42426 | 8.8 HIGH | OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope |
| CVE-2026-41914 | 8.5 HIGH | OpenClaw < 2026.4.8 - Server-Side Request Forgery in QQ Bot Media Fetch Paths |
| CVE-2026-41394 | 8.2 HIGH | OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth R |
| CVE-2026-41383 | 8.1 HIGH | OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths |
| CVE-2026-42431 | 8.1 HIGH | OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass |
| CVE-2026-41384 | 7.8 HIGH | OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend |
| CVE-2026-41396 | 7.8 HIGH | OpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust Root |
| CVE-2026-41387 | 7.8 HIGH | OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitizati |
| CVE-2026-42432 | 7.8 HIGH | OpenClaw < 2026.4.8 - Command Escalation via Node Pairing Reconnect Bypass |
| CVE-2026-41912 | 7.6 HIGH | OpenClaw < 2026.4.8 - Server-Side Request Forgery Policy Bypass via Interaction-Triggered |
| CVE-2026-41399 | 7.5 HIGH | OpenClaw < 2026.3.28 - Denial of Service via Unbounded Pre-auth WebSocket Upgrades |
| CVE-2026-41405 | 7.5 HIGH | OpenClaw < 2026.3.31 - Resource Exhaustion via Unauthenticated MS Teams Webhook Body Parsi |
| CVE-2026-41395 | 7.5 HIGH | OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3 |
| CVE-2026-42423 | 7.5 HIGH | OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallb |
| CVE-2026-41380 | 7.3 HIGH | OpenClaw < 2026.3.28 - Arbitrary Execution Allowlist via Wrapper Carrier Executables |
| CVE-2026-41390 | 7.3 HIGH | OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper |
Showing top 20 of 53 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-863
- CVE-2026-42571
Privilege Escalation Attack affecting Pelican Web UI - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2025-66170
Apache CloudStack: Any user can list backups that they shoul - CVE-2026-41903
FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifyi
V. Comments for CVE-2026-41910
No comments yet