


Perceptive Security
SOC/SIEM Consultancy

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice…
Published:
27 April 2026 at 22:00:00
Alert date:
28 April 2026 at 20:08:59
Source:
nvd.nist.gov
Identity & Access, Enterprise Applications
OpenClaw before version 2026.3.28 contains a privilege escalation vulnerability that allows authenticated operators with write permissions to access admin-level Talk Voice configuration settings. Attackers can exploit the chat.send endpoint to modify sensitive voice configuration settings that should be restricted to administrators only. This vulnerability affects the access control mechanism and allows unauthorized privilege elevation from operator-level to admin-level access.
Technical details
Affected products:
OpenClaw
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41379
https://github.com/openclaw/openclaw/commit/e34694733fc64931ed4a543c73d84ad3435d5df1
https://github.com/openclaw/openclaw/security/advisories/GHSA-3q42-xmxv-9vfr
https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-to-admin-class-talk-voice-config
This article was created with the assistance of AI technology by Perceptive.
