CVE-2026-41349

· NIST NVD ↗

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.

HIGH
CVSS severity
8.8
CVSS base score
2026-04-23
Published

CWE codes

CWE-862

Affected products

openclaw:openclaw

Sources