Description
OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.
Published: 2026-04-20
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Credential compromise via malicious endpoint forwarding during remote onboarding
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.3.31 contain a trust-decline flaw that allows an attacker to preserve a discovered endpoint in the remote onboarding process. The weakness, classified as CWE-372, means that the system improperly accepts an attacker-controlled URL, causing gateway credentials to be routed to a malicious endpoint. This can result in the disclosure or theft of sensitive credentials if an operator authorizes the prompt.

Affected Systems

All OpenClaw deployments running the Node.js implementation with a version before 2026.3.31 are affected. The vulnerability is present in the remote onboarding flow of the OpenClaw service.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. EPSS is unavailable. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote onboarding flows where an attacker initially discovers a malicious endpoint and then forces it to survive the trust decline process, requiring an operator to manually accept it. Once accepted, the system forwards credentials through the attacker-controlled endpoint, enabling credential compromise.
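To make the weakness concrete, the following is an added illustration, not OpenClaw's code, of the pattern the advisory describes: a discovered endpoint that survives a declined trust prompt as the default of the later manual prompt, beside a flow that discards it on decline and validates whatever the operator types. Function names, the allow-list and the sample URLs are hypothetical.

```javascript
// Constructed sample: an endpoint found during discovery that the operator
// should be able to refuse. Hypothetical host, not from the advisory.
const DISCOVERED = { url: 'https://gateway.attacker.example/cb' };

// Vulnerable pattern (CWE-372 style inconsistent state): declining trust only
// flips a flag, so the discovered URL remains the candidate and becomes the
// default answer of the manual prompt. An operator who just confirms the
// prompt routes gateway credentials to the attacker-chosen endpoint.
function resolveGatewayUrlVulnerable(discovered, trustAccepted, manualInput) {
  const state = { candidate: discovered.url, trusted: true };
  if (!trustAccepted) {
    state.trusted = false; // declined, but candidate is left in place
  }
  // Manual prompt: empty input falls back to the stale candidate.
  return manualInput || state.candidate;
}

// Hardened pattern: a decline discards the candidate entirely, the manual
// prompt only accepts an explicitly typed URL, and every URL must be https
// to a host on the operator's allow-list before credentials are sent.
function resolveGatewayUrlHardened(discovered, trustAccepted, manualInput, allowHosts) {
  let candidate = trustAccepted ? discovered.url : null;
  const typed = (manualInput || '').trim();
  if (typed) candidate = typed;
  if (!candidate) {
    throw new Error('no gateway endpoint: trust declined and nothing entered');
  }
  const u = new URL(candidate); // throws on malformed input
  if (u.protocol !== 'https:' || !allowHosts.includes(u.hostname)) {
    throw new Error(`refusing untrusted gateway endpoint ${candidate}`);
  }
  return u.href;
}

// Stand-alone demonstration of the difference.
console.log('vulnerable, declined + empty prompt ->',
  resolveGatewayUrlVulnerable(DISCOVERED, false, ''));
try {
  resolveGatewayUrlHardened(DISCOVERED, false, '', ['gateway.internal.example']);
} catch (e) {
  console.log('hardened, declined + empty prompt ->', e.message);
}
```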

Generated by OpenCVE AI on April 21, 2026 at 15:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.3.31 or newer to remove the trust-decline flaw
  • Configure the onboarding process to reject unknown or untrusted endpoints before operator approval
  • Audit and monitor onboarding logs for unexpected manual prompts and endpoint changes

Advisories

Source | ID | Title
Github GHSA | GHSA-9f4w-67g7-mqwv | OpenClaw: Endpoint persists after trust decline, leaking gateway credentials
History

Tue, 21 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 23:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the trust decline process into manual prompts requiring operator acceptance.
Title | | OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-372
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}; cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-21T13:03:24.309Z

Reserved: 2026-04-20T14:01:13.151Z

Link: CVE-2026-41300

Vulnrichment

Updated: 2026-04-21T13:03:03.147Z

NVD

Status: Analyzed

Published: 2026-04-21T00:16:30.690

Modified: 2026-04-27T16:56:39.803

Link: CVE-2026-41300

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T15:45:07Z

Weaknesses