TROYANOSYVIRUS
Volver a CVEs

CVE-2026-41380

HIGH
7.3

Descripcion

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to establish broader allowlist entries than intended, weakening execution approval boundaries.

Detalles CVE

Puntuacion CVSS v3.17.3
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado4/28/2026
Ultima modificacion5/1/2026
Fuentenvd
Avistamientos honeypot0

Productos afectados

openclaw:openclaw

Debilidades (CWE)

CWE-807

Referencias

https://github.com/openclaw/openclaw/security/advisories/GHSA-p4x4-2r7f-wjxg(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-arbitrary-execution-allowlist-via-wrapper-carrier-executables(disclosure@vulncheck.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.