CVE-2026-41335

· NIST NVD ↗

OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitive fingerprinting information from the Control UI bootstrap payload to identify system versions and agent configurations.

MEDIUM
CVSS severity
5.3
CVSS base score
2026-04-23
Published

CWE codes

CWE-497

Affected products

openclaw:openclaw

Sources