PT-2026-35763 · Openclaw · Openclaw

Antaisecuritylab · Published 2026-04-03 · Updated 2026-05-01 · CVE-2026-41378

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.3.31

Description

A privilege escalation issue allows paired nodes with role=node to dispatch node.event agent requests, granting unrestricted tool access on the gateway side. Attackers possessing trusted paired node credentials can leverage the unrestricted agent.request dispatch to achieve remote code execution on the gateway.

Recommendations

Update to version 2026.3.31.

Fix

LPE

RCE

Incorrect Authorization

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-41378
GHSA-GJM7-HW8F-73RQ

Affected Products

Openclaw