Description
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content.
Published: 2026-04-28
Score: 2.3 Low
EPSS: n/a
KEV: No
Impact: Unauthorized Message Retrieval
Action: Apply Patch
AI Analysis

Impact

OpenClaw before version 2026.3.31 permits an attacker to bypass the sender allowlist, enabling retrieval of restricted messages. The flaw arises when the system processes quoted, root, or threaded context messages, allowing unauthorized access to content that should be protected by the allowlist. The underlying weakness is a lack of proper authorization checks when handling message metadata, classified under CWE‑639.

Affected Systems

Vulnerable products include the OpenClaw application, which is distributed as a Node.js package. All releases prior to 2026.3.31 are affected. Users who have configured a sender allowlist in their OpenClaw deployment are at risk and should verify their instance version.

Risk and Exploitability

The CVSS score of 2.3 indicates low severity, and no EPSS value is available, implying the exploitation likelihood is not quantified. The vulnerability is not listed in CISA’s KEV catalog. Attackers likely exploit the issue by sending crafted messages so that the server retrieves quoted or threaded messages, thereby bypassing the allowlist. A remote attacker would need network access to the OpenClaw instance and the ability to send or trigger message processing. Based on the description, it is inferred that the attack vector involves sending crafted messages that trigger processing of quoted or threaded content.

Generated by OpenCVE AI on April 29, 2026 at 01:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.31 or later to remove the allowlist bypass.
  • If an immediate upgrade is not possible, disable or reconfigure the sender allowlist to prevent unauthorized reads while the fix is pending.
  • Monitor message access logs for attempts to read quoted or threaded messages from unfamiliar senders, and block abusive IPs or accounts.

Generated by OpenCVE AI on April 29, 2026 at 01:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content.
Title OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Thread History and Quoted Messages
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-639
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-29T12:52:32.670Z

Reserved: 2026-04-20T14:15:22.223Z

Link: CVE-2026-41406

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:37:44.280

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-41406

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T01:30:06Z

Weaknesses