CVE-2026-41300

· NIST NVD ↗

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.

MEDIUM
CVSS severity
6.5
CVSS base score
2026-04-21
Published

CWE codes

CWE-372

Affected products

openclaw:openclaw

Sources