CVE-2026-41342 · HIGH 8.1 · EPSS percentile 2.6%

CVE-2026-41342

Description

OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture gateway credentials or traffic.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.13% probability of exploitation · percentile 2.6% · scored 2026-06-19T12:03:05Z
Published: 2026-04-23
Last modified: 2026-04-29

Underlying weaknesses (1)

CWE-346 (Origin Validation Error)

References

  1. https://github.com/openclaw/openclaw/security/advisories/GHSA-3cw3-5vxw-g2h3
  2. https://www.vulncheck.com/advisories/openclaw-unauthenticated-discovery-endpoint-credential-exfiltration-via-remote-onboarding

Weakness mapping (1 entry)

Type      | Target                              | Confidence | Tier
Weakness  | Origin Validation Error (cwe-346)   | 0%         | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-41394
CVE: CVE-2026-41352
CVE: CVE-2026-32034
CVE: CVE-2026-32042
CVE: CVE-2026-28472
CVE: CVE-2026-43585

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.