TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2026-41300

MEDIUM
6.5

Beschreibung

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.

CVE Details

CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht4/21/2026
Zuletzt geandert4/21/2026
Quellenvd
Honeypot-Sichtungen0

Schwachen (CWE)

CWE-372

Referenzen

https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060(disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwv(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding(disclosure@vulncheck.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.