OpenClaw LLM Agent Bypass: Silent Execution Approval Disabled

/HIGH /CVSS 8.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-862
OpenClaw LLM Agent Bypass: Silent Execution Approval Disabled

The National Vulnerability Database has detailed CVE-2026-41349, a high-severity vulnerability affecting OpenClaw versions prior to 2026.3.28. This flaw allows LLM agents to silently bypass execution approval mechanisms. Attackers can exploit this by manipulating the config.patch parameter, effectively disabling user consent for operations.

The CVSS score of 8.8 (HIGH) reflects the critical impact: remote attackers with low privileges can achieve high confidentiality, integrity, and availability impacts without user interaction. This is a direct bypass of security controls designed to prevent unauthorized actions by AI agents, making it a dangerous avenue for stealthy operations.

For defenders, this means a critical need to patch OpenClaw deployments immediately. Any system relying on agentic consent for security must assume a compromised posture if running vulnerable versions. The attacker’s calculus here is clear: leverage the growing reliance on LLM agents to bypass traditional human-in-the-loop security, executing malicious tasks under the radar.

What This Means For You

  • If your organization uses OpenClaw with LLM agents, you need to verify your version immediately. Patch to OpenClaw 2026.3.28 or later without delay. Audit logs for any suspicious agent activity that occurred without explicit user consent, especially if running a vulnerable version.
🛡️ Am I exposed to this? Get detection rules for CVE-2026-41349 — Splunk, Sentinel, Elastic, QRadar & more

Related ATT&CK Techniques

T1539 Steal Application Access Token Credential Access T1078.004 Abuse Cloud Account Initial Access T1059.001 PowerShell Execution

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1539 Defense Evasion

OpenClaw Agentic Consent Bypass via config.patch - CVE-2026-41349

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-41349 Auth Bypass OpenClaw before 2026.3.28
CVE-2026-41349 Auth Bypass LLM agents silently disable execution approval
CVE-2026-41349 Auth Bypass vulnerable parameter: config.patch

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 24, 2026 at 01:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-6732 — Libxml2 Denial of Service

CVE-2026-6732 — A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-843
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 2 Sigma

OpenShell Mirror Mode Allows Arbitrary Code Execution

CVE-2026-41355 — OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror...

vulnerabilityCVEhigh-severitycode-executioncwe-829
/SCW Vulnerability Desk /HIGH /7.3 /⚑ 4 IOCs /⚙ 3 Sigma

OpenClaw: High-Severity Access Control Bypass Looms

CVE-2026-41353 — OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile...

vulnerabilityCVEhigh-severitycwe-472
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 4 IOCs /⚙ 2 Sigma