TROYANOSYVIRUS
Volver a CVEs

CVE-2026-41376

MEDIUM
5.4

Descripcion

OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls.

Detalles CVE

Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado4/28/2026
Ultima modificacion5/1/2026
Fuentenvd
Avistamientos honeypot0

Productos afectados

openclaw:openclaw

Debilidades (CWE)

CWE-346

Referencias

https://github.com/openclaw/openclaw/commit/8a563d603b70ef6338915f0527bee87282c3bad5(disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-rg8m-3943-vm6q(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-matrix-thread-context-allowlist-bypass-via-sender-validation(disclosure@vulncheck.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.