CVE-2026-41406

CVSS v3.1

5.4

Medium

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2026-41406

Affected Products

Openclaw

CVE-2026-41406

Weakness Enumeration

Related Identifiers

Affected Products

References · 5