top of page
perceptive_background_267k.jpg

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows allow-always persistence to trust wrapper carr…

Published:

27 April 2026 at 22:00:00

Alert date:

28 April 2026 at 20:08:59

Source:

nvd.nist.gov

Click to open the original link from this advisory

Security Tools

OpenClaw versions before 2026.3.28 contain an execution approval vulnerability in exec-approvals-allowlist.ts. The vulnerability allows allow-always persistence to trust wrapper carrier executables instead of invoked targets. Attackers can exploit positional carrier executable routing through dispatch wrappers. This enables establishment of broader allowlist entries than intended. The vulnerability weakens execution approval boundaries and security controls.

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-41380
https://github.com/openclaw/openclaw/security/advisories/GHSA-p4x4-2r7f-wjxg
https://www.vulncheck.com/advisories/openclaw-arbitrary-execution-allowlist-via-wrapper-carrier-executables

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page