CVE-2026-41394
CVE-2026-41394 affects OpenClaw prior to 2026.3.31. An authentication bypass allows unauthenticated access to plugin-auth HTTP routes that receive operator runtime write scopes, enabling privileged runtime actions intended for authorized operators. Exploitation status is not detailed in the provi...