CVE-2026-41353

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22

Description An access control bypass exists in the allowProfiles feature. This flaw allows remote attackers to circumvent profile restrictions by utilizing persistent profile mutation and runtime profile selection. Exploitation occurs by manipulating browser proxy profiles at runtime to access restricted profiles and bypass intended access controls.

Recommendations Update to version 2026.3.22.