LeakyCreds

CVE-2026-41303 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: April 21, 2026

OpenClaw - Authorization Bypass

Published: April 21, 2026 | Updated: April 21, 2026 | Remote Exploitable

Overview

OpenClaw before 2026.3.28 contains an authorization bypass caused by improper validation in Discord text approval commands. Attackers can bypass the approver allowlist and remotely approve pending exec requests. Exploitation requires sending crafted Discord commands.

Severity & Score

Severity: High
CVSS Score: 8.8

Impact

Attackers can bypass authorization to approve pending execution requests, potentially leading to unauthorized code execution on hosts.

Mitigation

Update to version 2026.3.28 or later.

Details

CVE ID: CVE-2026-41303
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: new

CWE

  • CWE-863

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H