← volver
CVE-2026-41349

OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch

CVSS 8.7 HIGHEPSS 0.5%CWE-862
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
OpenClaw · OpenClaw

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/openclaw/openclaw/commit/76411b2afc4ae721e36c12e0ea24fd23e2fed61ehttps://github.com/openclaw/openclaw/security/advisories/GHSA-v3qc-wrwx-j3pwhttps://www.vulncheck.com/advisories/openclaw-agentic-consent-bypass-via-config-patch