Vulnerabilities ›

CVE-2026-41299

High

CWE-807 — Weakness Type

                    Published: Apr 21, 2026                      ·  Modified: Apr 27, 2026                      ·  Source: NVD                

CVSS v3

7.1

🔗 NVD Official

📄 Description (English)

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge by manipulating client metadata during connection.

🤖 AI Executive Summary

CVE-2026-41299 is an authorization bypass vulnerability in OpenClaw's chat.send gateway method that allows authenticated operators to spoof ACP identity labels by manipulating WebSocket handshake metadata. Attackers can inject reserved provenance fields intended only for the ACP bridge, compromising the integrity of message attribution and access control.

📄 Description (Arabic)

يحتوي OpenClaw على ثغرة تجاوز تفويض في طريقة بوابة chat.send حيث يتم التحكم في حقول الأصل الخاصة بـ ACP من خلال بيانات العميل المعلنة ذاتياً من مصافحة WebSocket بدلاً من حالة التفويض المتحققة. يمكن لعملاء المشغلين المصرح لهم تزييف تسميات هوية ACP وحقن حقول الأصل المحفوظة المخصصة فقط لجسر ACP عن طريق التلاعب ببيانات العميل أثناء الاتصال.

🤖 ملخص تنفيذي (AI)

This vulnerability in OpenClaw allows authenticated operators to bypass authorization controls by spoofing ACP identity through manipulated WebSocket metadata. Attackers can inject restricted provenance fields, undermining message attribution integrity and access control mechanisms.

🤖 AI Intelligence Analysis Analyzed: May 9, 2026 11:18

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1078.001 T1550.001 T1556

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update OpenClaw to version 2026.3.28 or later immediately. Implement server-side verification of authorization state instead of relying on client-declared metadata. Validate all provenance fields on the backend and enforce strict access controls for ACP-only fields. Review WebSocket connection handling and implement cryptographic signing of client metadata.

🔧 خطوات المعالجة (العربية)

قم بتحديث OpenClaw إلى الإصدار 2026.3.28 أو أحدث فوراً. طبق التحقق من جانب الخادم لحالة التفويض بدلاً من الاعتماد على البيانات المعلنة من العميل. تحقق من جميع حقول الأصل على الخادم وفرض ضوابط وصول صارمة لحقول ACP فقط. راجع معالجة اتصالات WebSocket وطبق التوقيع التشفيري لبيانات العميل.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 AC-6

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.4.1

🔗 References & Sources 2

🔗

https://github.com/openclaw/openclaw/security/advisories/GHSA-6xg4-82hv-cp6f

disclosure@vulncheck.com

Vendor Advisory

🔗

https://www.vulncheck.com/advisories/openclaw-client-identity-spoofing-in-chat-send-gat...

disclosure@vulncheck.com

Third Party Advisory

📦 Affected Products / CPE 1 entries

openclaw:openclaw

📊 CVSS Score

7.1

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.1

CWECWE-807

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-04-21

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-807

🏢 Vendor Advisories

🔗 https://github.com/openclaw/openclaw/security/adviso...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-41299

💬 Comments

Introduce Yourself

Sign In Required