📄 Description (English)
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.
🤖 AI Executive Summary
CVE-2026-41349 is a critical agentic consent bypass vulnerability in OpenClaw that allows LLM agents to silently disable execution approval mechanisms through the config.patch parameter. This vulnerability enables remote attackers to bypass security controls and execute unauthorized operations without user consent, posing significant risks to organizations deploying AI-driven automation systems. With a CVSS score of 8.8 and no patch currently available, immediate compensating controls are essential.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 24, 2026 19:36
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations in financial services (SAMA-regulated banks), government agencies (NCA oversight), healthcare systems, and energy sector (ARAMCO, SEC) face significant risk if deploying OpenClaw-based AI agents for critical operations. The vulnerability is particularly concerning for SAMA-regulated institutions using AI for transaction processing, compliance monitoring, or automated decision-making. Government agencies using AI for citizen services and NCA-regulated cybersecurity operations are at elevated risk. Telecom operators (STC, Mobily) utilizing AI for network management and customer service automation could experience unauthorized system modifications.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Services
Energy and Utilities
Telecommunications
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.6
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all OpenClaw deployments across your organization and identify systems running versions before 2026.3.28
2. Disable or restrict access to the config.patch parameter immediately across all OpenClaw instances
3. Implement network-level controls to block unauthorized config.patch API calls
4. Review audit logs for any suspicious config.patch parameter usage or unexpected agent behavior changes
COMPENSATING CONTROLS:
5. Implement strict input validation and sanitization for all configuration parameters
6. Deploy API gateway rules to reject config.patch requests from untrusted sources
7. Enable comprehensive logging and monitoring of all LLM agent activities and configuration changes
8. Implement role-based access control (RBAC) restricting who can modify agent execution policies
9. Require manual approval workflows for any configuration changes affecting execution controls
10. Isolate OpenClaw instances in network segments with restricted outbound access
11. Monitor for behavioral anomalies in agent execution patterns
DETECTION RULES:
- Alert on any config.patch parameter usage in API requests
- Monitor for changes to execution approval settings without corresponding audit trail entries
- Flag LLM agents executing operations outside their defined scope
- Detect rapid configuration changes or policy modifications
- Monitor for disabled or bypassed approval mechanisms in agent logs
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. قم بحصر جميع نشرات OpenClaw عبر مؤسستك وحدد الأنظمة التي تعمل بإصدارات أقدم من 2026.3.28
2. عطّل أو قيّد الوصول إلى معامل config.patch فوراً عبر جميع نوى OpenClaw
3. طبّق ضوابط على مستوى الشبكة لحجب استدعاءات API غير المصرح بها لـ config.patch
4. راجع سجلات التدقيق للبحث عن أي استخدام مريب لمعامل config.patch أو تغييرات سلوك وكيل غير متوقعة
الضوابط التعويضية:
5. طبّق التحقق الصارم من صحة المدخلات والتطهير لجميع معاملات التكوين
6. نشّر قواعد بوابة API لرفض طلبات config.patch من مصادر غير موثوقة
7. فعّل التسجيل الشامل ومراقبة جميع أنشطة وكيل LLM وتغييرات التكوين
8. طبّق التحكم في الوصول القائم على الأدوار (RBAC) لتقييد من يمكنه تعديل سياسات تنفيذ الوكيل
9. اطلب موافقة يدوية لسير العمل لأي تغييرات في التكوين تؤثر على ضوابط التنفيذ
10. عزل نوى OpenClaw في قطاعات الشبكة ذات الوصول الخارجي المقيد
11. راقب الشذوذ السلوكي في أنماط تنفيذ الوكيل
قواعد الكشف:
- تنبيهات عند استخدام معامل config.patch في طلبات API
- مراقبة التغييرات في إعدادات الموافقة على التنفيذ بدون إدخالات مقابلة في سجل التدقيق
- وضع علامة على وكلاء LLM الذين ينفذون عمليات خارج نطاقهم المحدد
- الكشف عن التغييرات السريعة في التكوين أو تعديلات السياسة
- مراقبة آليات الموافقة المعطلة أو المتجاوزة في سجلات الوكيل
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1 - Information Security Policies (configuration management)
ECC 2024 A.8.1 - User Access Management (authorization controls)
ECC 2024 A.12.4 - Logging and Monitoring (detection of unauthorized changes)
ECC 2024 A.14.2 - System Development and Maintenance (secure configuration)
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Asset Management (inventory OpenClaw systems)
SAMA CSF PR.AC-1 - Access Control (restrict config.patch parameter)
SAMA CSF PR.AC-4 - Access Rights (RBAC implementation)
SAMA CSF DE.CM-1 - Detection Processes (monitor configuration changes)
SAMA CSF DE.AE-1 - Anomalies and Events (behavioral monitoring)
🟡 ISO 27001:2022
ISO 27001:2022 A.5.16 - Management of information security (configuration control)
ISO 27001:2022 A.8.2 - Privileged access rights (restrict parameter access)
ISO 27001:2022 A.8.3 - Information access restriction (RBAC)
ISO 27001:2022 A.8.15 - Access control review (audit configuration changes)
ISO 27001:2022 A.12.4 - Logging (comprehensive audit trails)
🟣 PCI DSS v4.0.1
PCI DSS 2.4 - Configuration standards (secure OpenClaw configuration)
PCI DSS 6.5.10 - Broken authentication (prevent unauthorized execution)
PCI DSS 7.1 - Access control (restrict config.patch to authorized personnel)
PCI DSS 10.2 - Logging (audit all configuration changes)
🔗 References & Sources 3
🔗
https://github.com/openclaw/openclaw/commit/76411b2afc4ae721e36c12e0ea24fd23e2fed61e
disclosure@vulncheck.com
Patch
🔗
https://github.com/openclaw/openclaw/security/advisories/GHSA-v3qc-wrwx-j3pw
disclosure@vulncheck.com
Vendor Advisory
Patch
🔗
https://www.vulncheck.com/advisories/openclaw-agentic-consent-bypass-via-config-patch
disclosure@vulncheck.com
Third Party Advisory
📦 Affected Products / CPE 1 entries
openclaw:openclaw