CVE-2026-41300
MEDIUMOpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding
Title source: cnaDescription
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-9f4w-67g7-mqwv)
https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwv
Patch patch
Patch Commit
https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding
https://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding
Scores
CVSS v3
6.5
EPSS
0.0025
EPSS Percentile
16.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-372
Status
published
Products (4)
npm/openclaw
0 - 2026.3.31npm
OpenClaw/OpenClaw
< 2026.3.31
openclaw/openclaw
< 2026.3.31
OpenClaw/OpenClaw
2026.3.31
Published
Apr 21, 2026
Tracked Since
Apr 21, 2026