CVE-2026-41342
CWE-346
Published: April 23, 2026 · Updated: Apr 29, 2026
Official Description
OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof discovery endpoints to redirect onboarding toward malicious gateways and capture gateway credentials or traffic.
Technical Analysis
CVE-2026-41342 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
A successful exploit results in a complete confidentiality breach (data exposure) and full integrity compromise (data manipulation); the CVSS base score is 8.1.
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-41342 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts