TROYANOSYVIRUS
Back to CVEs

CVE-2026-41390

HIGH
7.3

Description

OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execute different underlying programs.

CVE Details

CVSS v3.1 Score7.3
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionREQUIRED
Published4/28/2026
Last Modified4/30/2026
Sourcenvd
Honeypot Sightings0

Affected Products

openclaw:openclaw

Weaknesses (CWE)

CWE-807

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-6pfc-6m7w-m8fx(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-unregistered-usr-bin-script-wrapper(disclosure@vulncheck.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.