CVE-2026-41359
Severity: HIGH
OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence
Title source: cnaDescription
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient access controls to reach sensitive administrative functionality and modify persistence mechanisms.
References (3)
Vendor Advisory: GitHub Security Advisory (GHSA-767m-xrhc-fxm7)
https://github.com/openclaw/openclaw/security/advisories/GHSA-767m-xrhc-fxm7
Patch: Patch Commit
https://github.com/openclaw/openclaw/commit/b7d70ade3b9900dbe97bd73be9c02e924ff3c986
Third Party Advisory: VulnCheck Advisory: OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence
https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-operator-write-to-admin-class-telegram-config-and-cron-persistence
Scores
CVSS v3: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)
EPSS: 0.0023
EPSS Percentile: 13.8%
Attack Vector: NETWORK
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-269
Status: published
Products (4)
npm/openclaw (npm): 0 - 2026.3.28
OpenClaw/OpenClaw: < 2026.3.28
openclaw/openclaw: < 2026.3.28
OpenClaw/OpenClaw: 2026.3.28
Published: Apr 23, 2026
Tracked Since: Apr 24, 2026