Home / Vulnerability Intelligence / CVE-2026-41352

CVE-2026-41352 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 23, 2026

OpenClaw - Remote Code Execution

Published: April 23, 2026Updated: April 23, 2026Remote Exploitable

Overview

OpenClaw < 2026.3.31 contains a remote code execution caused by bypassing node scope gate authentication in device-paired nodes, letting attackers with device pairing credentials execute arbitrary node commands, exploit requires device pairing credentials.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Attackers with device pairing credentials can execute arbitrary commands on the host system, leading to full system compromise.

Mitigation

Update to version 2026.3.31 or later.

References

https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-scope-gate-bypass
https://github.com/openclaw/openclaw/commit/3886b65ef21d02808c1a106fa1f9f69e22f71c32
https://github.com/openclaw/openclaw/security/advisories/GHSA-xj9w-5r6q-x6v4

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-41352
Severity: High
CVSS Score: 8.8
Type: undefined
Status: new

CWE

CWE-862

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H