CVE-2026-41298 | OpenClaw up to 2026.4.1 Read-Scoped Call kill authorization (GHSA-5hff-46vh-rxmw)

A vulnerability labeled as critical has been found in OpenClaw up to 2026.4.1. This affects an unknown function of the file /sessions/:sessionKey/kill of the component Read-Scoped Call Handler. The manipulation results in missing authorization.

This vulnerability is known as CVE-2026-41298. It is possible to launch the attack remotely. No exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More