CVE-2026-41393

· NIST NVD ↗

OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS authorities. Attackers with same-tailnet position and CA-trusted endpoint access can exfiltrate operator credentials through DNS steering manipulation.

MEDIUM
CVSS severity
4.8
CVSS base score
2026-04-28
Published

CWE codes

CWE-346

Affected products

openclaw:openclaw

Sources