CVE-2026-41394 | OpenClaw up to 2026.3.30 authorization (GHSA-mhgq-xpfq-6r66)

April 28, 2026 Yanac

A vulnerability identified as critical has been detected in OpenClaw up to 2026.3.30. The affected element is an unknown function. The manipulation leads to missing authorization.

This vulnerability is uniquely identified as CVE-2026-41394. The attack is possible to be carried out remotely. No exploit exists.

You should upgrade the affected component.VulDB Recent EntriesRead More

CVE-2026-41396 | OpenClaw up to 2026.3.30 Environment Variable OPENCLAW_BUNDLED_PLUGINS_DIR inclusion of functionality from untrusted control sphere (GHSA-qcj9-wwgw-6gm8)
CVE-2026-41377 | OpenClaw up to 2026.3.30 Plugin Installation failing open (GHSA-cwq8-6f96-g3q4)