CVE-2026-41352

· NIST NVD ↗

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation.

HIGH
CVSS severity
8.8
CVSS base score
2026-04-23
Published

CWE codes

CWE-862

Affected products

openclaw:openclaw

Sources