PT-2026-35802 · Openclaw · Openclaw

Keensecuritylab

Published

2026-04-09

Updated

2026-04-29

CVE-2026-42423

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.8

Description An approval-timeout fallback mechanism allows the bypass of strictInlineEval explicit-approval requirements on gateway and node exec hosts. This allows the execution of inline eval commands that would otherwise require explicit user approval, circumventing the intended security boundary.

Recommendations Update to version 2026.4.8.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-636

Related Identifiers

CVE-2026-42423

GHSA-Q2GC-XJQW-QP89

Affected Products

Openclaw

PT-2026-35802 · Openclaw · Openclaw

CVE-2026-42423

Weakness Enumeration

Related Identifiers

Affected Products

References · 8