OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XOpenclaw
APPOpenclaw< 2026.3.31
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-43585CRITICAL9.2PL ✓ten sam produkt
OpenClaw: ominięcie uwierzytelniania przez nieodświeżane tokeny bearer po rotacji SecretRef
CVE-2026-43575CRITICAL9.2PL ✓ten sam produkt
OpenClaw: Authentication Bypass w trasie pomocniczej sandbox noVNC
CVE-2026-43578CRITICAL9.1PL ✓ten sam produkt
OpenClaw: privilege escalation przez pominięcie zdarzeń async exec w heartbeat
CVE-2026-43581CRITICAL9.0PL ✓ten sam produkt
OpenClaw: ekspozycja Chrome DevTools Protocol poza sandbox
CVE-2026-44109CRITICAL9.2PL ✓ten sam produkt
OpenClaw — Auth Bypass w walidacji Feishu webhook umożliwia RCE