CVE-2026-41376 OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation

OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls...

PT-2026-35761

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An allowlist bypass exists in Matrix thread root and reply context handling due to improper validation of message senders. This allows attackers to fetch thread-root and reply context messages...