OpenClaw: High-Severity Access Control Bypass Looms
The National Vulnerability Database (NVD) has detailed CVE-2026-41353, a high-severity access control bypass vulnerability in OpenClaw versions prior to 2026.3.22. This flaw, rated 8.1 CVSS, allows remote attackers to circumvent intended profile restrictions within the allowProfiles feature. The mechanism involves persistent profile mutation and runtime profile selection, enabling attackers to manipulate browser proxy profiles.
Attackers can exploit this by dynamically altering proxy profiles during runtime, gaining unauthorized access to restricted configurations. This effectively bypasses the security controls designed to segregate and protect specific user or system profiles. The implications are significant: an attacker could force a browser into a compromised state, potentially rerouting traffic or accessing sensitive internal resources.
This vulnerability highlights a critical design flaw where runtime manipulation can override static policy. Defenders should recognize that sophisticated attackers frequently target such logical bypasses. It’s not about brute force; it’s about understanding how policy enforcement can be subverted when state changes dynamically.
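The design flaw described above is a general one: an allowlist that is enforced only when configuration is loaded, against state that can still change afterwards, protects nothing once that state is mutated. The following Python is an added illustration of that pattern and its fix; it is hypothetical code written for this page, not OpenClaw's implementation, and the class and profile names are invented. The leaky selector filters profiles once and then keeps a mutable table, so any later mutation (a plugin, a reload, a runtime override) can introduce a profile the allowlist never approved. The strict selector freezes the allowlist, exposes the profile table read-only, and re-checks every selection at the moment it happens.

```python
"""Allowlist enforcement that survives runtime profile changes.
Hypothetical example for this page; not OpenClaw's code."""
from dataclasses import dataclass
from types import MappingProxyType
from typing import Iterable, Mapping


@dataclass(frozen=True)
class ProxyProfile:
    """A browser proxy profile: immutable so it cannot be edited in place."""
    name: str
    proxy_url: str


class LeakyProfileSelector:
    """Pattern to avoid: the allowlist is applied once at load time and the
    resulting table stays mutable, so select() trusts whatever is in the
    table at call time rather than the policy."""

    def __init__(self, profiles: Iterable[ProxyProfile], allow_profiles: Iterable[str]):
        allowed = set(allow_profiles)
        # The only policy check: anything added to self.profiles later is never re-checked.
        self.profiles = {p.name: p for p in profiles if p.name in allowed}

    def select(self, name: str) -> ProxyProfile:
        return self.profiles[name]


class StrictProfileSelector:
    """Hardened pattern: frozen allowlist, read-only profile table, and the
    allowlist is consulted on every selection, so mutable runtime state
    cannot widen what a caller may select."""

    def __init__(self, profiles: Iterable[ProxyProfile], allow_profiles: Iterable[str]):
        self._allow = frozenset(allow_profiles)
        self._profiles: Mapping[str, ProxyProfile] = MappingProxyType(
            {p.name: p for p in profiles}
        )

    @property
    def profiles(self) -> Mapping[str, ProxyProfile]:
        # MappingProxyType rejects item assignment with TypeError.
        return self._profiles

    def select(self, name: str) -> ProxyProfile:
        # Policy is enforced at the point of use, not only at load time.
        if name not in self._allow:
            raise PermissionError(f"profile {name!r} is not in allowProfiles")
        if name not in self._profiles:
            raise LookupError(f"profile {name!r} is allowed but not configured")
        return self._profiles[name]


def demo() -> tuple:
    """Constructed scenario: two profiles, only 'work' is in the allowlist.
    Returns (leaky_selected, strict_table_mutable, strict_outcome)."""
    profiles = [
        ProxyProfile("work", "http://proxy.corp.example:8080"),        # constructed
        ProxyProfile("restricted", "http://internal.corp.example:3128"),  # constructed
    ]
    allow = ["work"]

    # Leaky: a runtime mutation of the table (standing in for any code path
    # that can alter profiles after load) makes the unapproved profile selectable.
    leaky = LeakyProfileSelector(profiles, allow)
    leaky.profiles["restricted"] = profiles[1]
    leaky_selected = leaky.select("restricted").name  # "restricted": policy bypassed

    # Strict: the table cannot be mutated, and even if the profile exists,
    # selection is refused because the allowlist is checked on every call.
    strict = StrictProfileSelector(profiles, allow)
    try:
        strict.profiles["restricted"] = profiles[1]  # type: ignore[index]
        strict_table_mutable = True
    except TypeError:
        strict_table_mutable = False
    try:
        strict.select("restricted")
        strict_outcome = "allowed"
    except PermissionError:
        strict_outcome = "denied"
    return leaky_selected, strict_table_mutable, strict_outcome


if __name__ == "__main__":
    print(demo())  # ('restricted', False, 'denied')
```

The property worth carrying into a real review is the one the strict selector has: the decision "may this caller use profile X" is made from an immutable policy at the time of each selection, so no later change to the profile table, however it arrives, can turn a restricted profile into an allowed one. A unit test that mutates runtime state and then asserts that selection is still refused is a cheap regression check for exactly this class of bypass.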
What This Means For You
- If your organization utilizes OpenClaw, immediately prioritize patching to version 2026.3.22 or newer. This isn't theoretical: an attacker with even low privileges could leverage this to bypass critical network segmentation or data access policies by manipulating browser profiles. Audit your proxy configurations and user permissions for any OpenClaw deployments to ensure no unauthorized modifications have occurred.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41353 | Auth Bypass | OpenClaw before 2026.3.22 |
| CVE-2026-41353 | Auth Bypass | Access control bypass in allowProfiles feature |
| CVE-2026-41353 | Auth Bypass | Persistent profile mutation and runtime profile selection |
| CVE-2026-41353 | Auth Bypass | Manipulation of browser proxy profiles at runtime |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 24, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.