← voltar
CVE-2026-41300

OpenClaw < 2026.3.31 - Preservation of Attacker-Discovered Endpoints in Remote Onboarding

CVSS 6.9 MEDIUMEPSS 0.3%CWE-372
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwvhttps://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding