Lucene search
K

4 matches found

NVD
NVD
added 2026/04/28 7:37 p.m.6 views

CVE-2026-41380

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to...

7.3CVSS0.00124EPSS
Exploits0References2
CVE
CVE
added 2026/04/28 6:9 p.m.11 views

CVE-2026-41380

OpenClaw vulnerable before 2026.3.28 via exec-approvals-allowlist.ts: an execution-approval weakness lets one-time allow-always entries persistently trust wrapper carrier executables routed through dispatch wrappers, broadening the allowlist and weakening execution boundaries. CVSS 3.1/4.0 indica...

7.3CVSS5.5AI score0.00124EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.31 views

CVE-2026-41380 OpenClaw < 2026.3.28 - Arbitrary Execution Allowlist via Wrapper Carrier Executables

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers to...

7.3CVSS0.00124EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/01 12:2 a.m.15 views

OpenClaw gateway exec allow-always over-trusts positional carrier executables

Summary Allow-always persistence could trust wrapper carrier executables instead of the actual invoked target when commands were routed through dispatch wrappers. Impact A one-time approval could persist a broader future allowlist entry than the operator intended, weakening execution approval...

7.3CVSS6.1AI score0.00124EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder