← Voltar para CVEs
CVE-2026-41383
HIGH8.1
Descricao
OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data.
Detalhes CVE
Pontuacao CVSS v3.18.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado4/28/2026
Ultima modificacao4/28/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-22
Referencias
https://github.com/openclaw/openclaw/commit/b21c9840c2e38f4bb338d031511b479d5f07ca25(disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-m34q-h93w-vg5x(disclosure@vulncheck.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.