Medium severity6.5NVD Advisory· Published Apr 21, 2026· Updated Apr 27, 2026

CVE-2026-41300

Description

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
openclawnpm	< 2026.3.31	2026.3.31

Affected products

OpenClaw/Openclaw
cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Range: <2026.3.31

Patches

2a7541663483

CLI: reset remote URL after trust decline (#57828)

https://github.com/openclaw/openclawJacob TomlinsonMar 30, 2026via ghsa

commit

2 files changed · +4 −1

src/commands/onboard-remote.test.ts+1 −1 modified

@@ -138,7 +138,7 @@ describe("promptRemoteGatewayConfig", () => {
     const manualUrl = "wss://manual.example.com:18789";
     const text: WizardPrompter["text"] = vi.fn(async (params) => {
       if (params.message === "Gateway WebSocket URL") {
-        expect(params.initialValue).toBe("wss://evil.example:443");
+        expect(params.initialValue).toBe("ws://127.0.0.1:18789");
         return manualUrl;
       }
       return "";

src/commands/onboard-remote.ts+3 −0 modified

@@ -132,6 +132,9 @@ export async function promptRemoteGatewayConfig(
             ].join("\n"),
             "Direct remote",
           );
+        } else {
+          // Clear the discovered endpoint so the manual prompt falls back to a safe default.
+          suggestedUrl = DEFAULT_GATEWAY_URL;
         }
       } else {
         suggestedUrl = DEFAULT_GATEWAY_URL;

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060nvdPatchWEB
github.com/advisories/GHSA-9f4w-67g7-mqwvghsaADVISORY
github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwvnvdVendor AdvisoryWEB
www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboardingnvdThird Party Advisory
github.com/openclaw/openclaw/releases/tag/v2026.3.31ghsaWEB

News mentions

No linked articles in our index yet.

Severity

MediumCVSS v3.1

6.5/ 10

CVSS v46.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack vector: Network
Complexity: Low
Privileges: None
User interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

Probability of exploitation in the next 30 days.

0.03%

VYPR risk score

Composite of severity, exploitation, and reach.

0.35medium

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000

Weaknesses

CWE-372
Incomplete Internal State Distinction

CVE ID

CVE-2026-41300

Source code

github.com/openclaw/openclaw

Credits

K
KeenSecurityLab
finder
Z
zsxsoft
reporter · ghsa
Z(
zsx (@zsxsoft)
reporter
K
KeenSecurityLab
sponsor · ghsa