Approval Integrity Bypass in OpenClaw by OpenClaw Software
CVE-2026-41360

5.4 MEDIUM

Key Information:

Vendor: OpenClaw

Status: Vendor

CVE Published: 23 April 2026

What is CVE-2026-41360?

OpenClaw versions prior to 2026.4.2 are subject to an approval integrity bypass in their handling of pnpm dlx. Local script operands were not bound consistently with the pnpm exec flows, so an approval plan established for a local script did not capture what that script contained. An attacker able to replace the approved local script before it ran could therefore have the altered contents executed under the original approval, without the approval plan being invalidated.

Affected Version(s)

OpenClaw 0 < 2026.4.2

OpenClaw 2026.4.2

References

CVSS V4

Score:
5.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

风间映川 (@Kazamayc)