CVE-2026-41353

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profil...

CVE-2026-41353

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profil...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from an access control bypass vulnerability in the allowProfiles function. This allowed attackers to...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via persistent mutation of the allowProfiles configuration and runtime profile selection. An attacker can gain unauthorized access to restricted profiles by...

OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection

Summary Node browser proxy allowProfiles bypass through persistent profile mutation and runtime profile selection Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Real released allowProfiles bypass through profile mutation and runtime profile selection, fixed and...