3 matches found
CVE-2026-41349 OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent...
OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`
Summary Agentic Consent Bypass: LLM Agent Can Silently Disable Exec Approval via config.patch Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Maintainers accepted this issue, fixed it in 76411b2afc4ae721e36c12e0ea24fd23e2fed61e on 2026-03-27, and that fix shippe...
GHSA-V3QC-WRWX-J3PW OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`
Summary Agentic Consent Bypass: LLM Agent Can Silently Disable Exec Approval via config.patch Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Maintainers accepted this issue, fixed it in 76411b2afc4ae721e36c12e0ea24fd23e2fed61e on 2026-03-27, and that fix shippe...