CVE-2026-41342

Sažetak

OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture gateway credentials or traffic.

Reference

https://github.com/openclaw/openclaw/security/advisories/GHSA-3cw3-5vxw-g2h3
https://www.vulncheck.com/advisories/openclaw-unauthenticated-discovery-endpoint-credential-exfiltration-via-remote-onboarding

CVSS

Base:	7.3
Impact:	5.2
Exploitability:	2.1

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

24-04-2026 - 14:40

Objavljeno

23-04-2026 - 22:16