HIGHCVE-2026-41352Published 2026-04-23Modified 2026-04-24CNA VulnCheck

CVE-2026-41352: OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation.

CVSS v4.0: 7.7
Severity: HIGH
Fixed in: 2026.3.31
Affected Products: 1

Fix available

2026.3.31

Patch commits

Patch Commit

Affected packages

OpenClaw / OpenClaw
< 2026.3.31 (from 0)
Fixed in 2026.3.31

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

GitHub Security Advisory (GHSA-xj9w-5r6q-x6v4)
Patch Commit
VulnCheck Advisory: OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass

Metrics

Fix available