← volver
CVE-2026-41300

OpenClaw < 2026.3.31 - Preservation of Attacker-Discovered Endpoints in Remote Onboarding

CVSS 6.9 MEDIUMEPSS 0.3%CWE-372
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
OpenClaw · OpenClaw

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwvhttps://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding