TROYANOSYVIRUS
Back to CVEs

CVE-2026-41381

MEDIUM
5.4

Description

OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is performed, gaining unauthorized access to restricted voice channels.

CVE Details

CVSS v3.1 Score5.4
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published4/28/2026
Last Modified5/1/2026
Sourcenvd
Honeypot Sightings0

Affected Products

openclaw:openclaw

Weaknesses (CWE)

CWE-863

References

https://github.com/openclaw/openclaw/commit/dba96e7507e0900f120e5e28e57755d69bf78759(disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-cqgw-44wg-44rf(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-access-control-bypass-in-discord-voice-manager-via-channel-allowlist(disclosure@vulncheck.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.