CVE-2026-41335
MEDIUMOpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON
Title source: cnaDescription
OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and agent configurations.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-hr8g-2q7x-3f4w)
https://github.com/openclaw/openclaw/security/advisories/GHSA-hr8g-2q7x-3f4w
Patch patch
Patch Commit
https://github.com/openclaw/openclaw/commit/c5c10adc022f42eb75ebb3bf364dd607738683b3
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.3.31 - Information Disclosure via Control UI Bootstrap JSON
https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-control-ui-bootstrap-json
Scores
CVSS v3
5.3
EPSS
0.0030
EPSS Percentile
21.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-497
Status
published
Products (4)
npm/openclaw
0 - 2026.3.31npm
OpenClaw/OpenClaw
< 2026.3.31
openclaw/openclaw
< 2026.3.31
OpenClaw/OpenClaw
2026.3.31
Published
Apr 23, 2026
Tracked Since
Apr 24, 2026