VYPR
High severity 8.1 · NVD Advisory · Published Apr 23, 2026 · Updated May 1, 2026

CVE-2026-41353

Description

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attackers can exploit this by manipulating browser proxy profiles at runtime to access restricted profiles and bypass intended access controls.

Affected products

2
  • OpenClaw/Openclaw (2 versions)
    • cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*, range: <2026.3.22
    • (no CPE), range: <2026.3.22
