← voltar
CVE-2026-41349

OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch

CVSS 8.7 HIGHEPSS 0.5%CWE-862
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/openclaw/openclaw/commit/76411b2afc4ae721e36c12e0ea24fd23e2fed61ehttps://github.com/openclaw/openclaw/security/advisories/GHSA-v3qc-wrwx-j3pwhttps://www.vulncheck.com/advisories/openclaw-agentic-consent-bypass-via-config-patch