OpenClaw Privilege Escalation via Incomplete Scope Clearing (CVE-2026-41404)
The National Vulnerability Database has published CVE-2026-41404, a high-severity vulnerability (CVSS 8.8) in OpenClaw before version 2026.3.31. The flaw is an incomplete scope-clearing mechanism in OpenClaw's trusted-proxy authentication mode, and it allows privilege escalation to the operator.admin scope.
An attacker exploits it by declaring operator scopes from a client other than the Control UI. The server is meant to clear such self-declared scopes, but the clearing is not applied on identity-bearing authentication paths (such as the trusted-proxy path, where the proxy asserts who the caller is), so the client's own scope list survives into the resulting session and bypasses the intended authorization checks. This is an authorization-logic failure, tracked as CWE-863 (Incorrect Authorization).
The affected product is OpenClaw itself; deployments that run it in trusted-proxy authentication mode are directly exposed. Because a low-privileged client can obtain administrative control, patching and a configuration review should be treated as urgent.
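The following is an added illustration of the flaw class described above, written for this page; it is a reduced model, not OpenClaw's code, and the client ids, the policy table, the token-path grant and the auth-mode names are assumptions. The vulnerable function clears client-declared scopes on one authentication path but not on the identity-bearing one, which is what "incomplete scope clearing" means in practice; the hardened function applies the same clearing step on every path so a declaration can only narrow a grant, never widen it.

```typescript
// Added illustration (not OpenClaw's code): a reduced model of operator-scope
// resolution showing the flaw class described above and a hardened variant.
// Client ids, the policy table, the token-path grant and the auth-mode names
// are assumptions made for this example.

type AuthMode = "token" | "trusted-proxy";

interface ConnectRequest {
  clientId: string;          // which client is connecting ("control-ui" or anything else)
  declaredScopes: string[];  // scopes the client asserts for itself (attacker-controlled)
  proxyIdentity?: string;    // identity asserted by the trusted proxy, if any
}

interface Session {
  identity: string;
  scopes: string[];
}

const CONTROL_UI_CLIENT = "control-ui";
const TOKEN_PATH_SCOPES = ["operator.read"];   // assumed grant on the token path

// Assumed deployment policy: scopes granted per proxy-asserted identity.
const IDENTITY_POLICY: { [identity: string]: string[] } = {
  "alice@example.com": ["operator.read"],
  "root@example.com": ["operator.admin"],
};

function unionScopes(a: string[], b: string[]): string[] {
  const out = a.slice();
  for (const s of b) {
    if (out.indexOf(s) < 0) out.push(s);
  }
  return out;
}

// The "scope clearing" step: only the Control UI may narrow its grant by
// declaring scopes; every other client's declarations are discarded.
function clearDeclaredScopes(req: ConnectRequest, granted: string[]): string[] {
  if (req.clientId !== CONTROL_UI_CLIENT) return granted;
  return granted.filter((s) => req.declaredScopes.indexOf(s) >= 0);
}

// VULNERABLE model: clearing runs on the token path but was never applied on the
// identity-bearing trusted-proxy path, so declared scopes survive into the session.
function resolveScopesVulnerable(req: ConnectRequest, mode: AuthMode): Session {
  if (mode === "token") {
    return { identity: "token-user", scopes: clearDeclaredScopes(req, TOKEN_PATH_SCOPES) };
  }
  const identity = req.proxyIdentity !== undefined ? req.proxyIdentity : "anonymous";
  const granted = IDENTITY_POLICY[identity] || [];
  // Bug: declared scopes are merged straight in instead of being cleared first.
  return { identity, scopes: unionScopes(granted, req.declaredScopes) };
}

// HARDENED model: derive the grant from the authentication path, then apply the
// same clearing step on every path. Declared scopes can only ever narrow a grant.
function resolveScopesFixed(req: ConnectRequest, mode: AuthMode): Session {
  let identity: string;
  let granted: string[];
  if (mode === "token") {
    identity = "token-user";
    granted = TOKEN_PATH_SCOPES;
  } else {
    identity = req.proxyIdentity !== undefined ? req.proxyIdentity : "anonymous";
    granted = IDENTITY_POLICY[identity] || [];
  }
  return { identity, scopes: clearDeclaredScopes(req, granted) };
}

// A non-Control-UI client arriving through the proxy as a low-privilege identity
// while declaring operator.admin for itself. Constructed for this example.
function escalationAttempt(): ConnectRequest {
  return {
    clientId: "curl-script",
    declaredScopes: ["operator.admin"],
    proxyIdentity: "alice@example.com",
  };
}

function hasAdmin(s: Session): boolean {
  return s.scopes.indexOf("operator.admin") >= 0;
}

const attempt = escalationAttempt();
console.log("vulnerable:", resolveScopesVulnerable(attempt, "trusted-proxy").scopes);
console.log("fixed:     ", resolveScopesFixed(attempt, "trusted-proxy").scopes);
```

The point to check in a real deployment is the one the hardened function makes explicit: the grant must come from the authentication path (the proxy-asserted identity or the configured policy), and whatever the client says about itself is applied only as a filter on that grant, on every path, not just the one that was originally audited.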
What This Means For You
- If your organization runs OpenClaw, especially in trusted-proxy authentication mode, check the deployed version now and upgrade to OpenClaw 2026.3.31 or later, which addresses CVE-2026-41404. Then review the authentication configuration: operator scopes should be granted server-side from the identity the proxy asserts (or from the configured policy), never taken from scopes a client declares about itself, and the proxy in front of OpenClaw should strip any client-supplied fields that could carry such declarations before forwarding a request. Until the upgrade is in place, treat every client that can reach the trusted-proxy path as able to claim operator.admin.
🛡️ Detection Rules
CVE-2026-41404 - OpenClaw Operator Admin Privilege Escalation via Incomplete Scope Clearing
```yaml
title: CVE-2026-41404 - OpenClaw Operator Admin Privilege Escalation via Incomplete Scope Clearing
id: scw-2026-04-28-ai-1
status: experimental
level: critical
description: |
  Detects a possible exploitation pattern for CVE-2026-41404: requests to the '/auth'
  endpoint whose query string contains 'operator.admin' and that succeed (HTTP 200),
  consistent with a client declaring the operator.admin scope for itself against an
  OpenClaw instance running in trusted-proxy authentication mode.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-41404/
tags:
  - attack.privilege_escalation
  - attack.t1548
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/auth'
    cs-uri-query|contains:
      - 'operator.admin'
    sc-status:
      - 200
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Treat this rule as a starting point rather than a confirmed signature: it assumes the scope declaration is visible in the logged query string of a request to '/auth', and the advisory does not say where the declaration actually travels. Confirm the field against your own OpenClaw and proxy logs before relying on it.
Source: Shimi's Cyber World
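To show what the rule above actually selects, here is an added example (written for this page, not taken from the page's feed, from OpenClaw or from any SIEM) that applies the same three conditions to constructed W3C-style web-server log lines. The field order, the query-string layout, the client names and the IP addresses are assumptions; the `statuses` parameter is added so the reader can see what widening the status filter to denied requests would surface.

```typescript
// Added example (not from the page, OpenClaw or any SIEM): the Sigma selection
// above applied to constructed W3C-style web-server log lines. Field order,
// query-string layout, client names and IP addresses are assumptions.

const LOG_FIELDS = ["date", "time", "c-ip", "cs-method", "cs-uri", "cs-uri-query", "sc-status"];

interface LogEvent {
  [field: string]: string;
}

// Split one whitespace-separated W3C extended log line into named fields.
function parseLogLine(line: string): LogEvent | null {
  const parts = line.trim().split(/\s+/);
  if (parts.length !== LOG_FIELDS.length) return null;   // malformed or unrelated line
  const ev: LogEvent = {};
  for (let i = 0; i < LOG_FIELDS.length; i++) ev[LOG_FIELDS[i]] = parts[i];
  return ev;
}

// The rule's selection map: every key must match (Sigma ANDs the keys of a map).
// `statuses` defaults to the rule's own filter of 200 only.
function matchesRule(ev: LogEvent, statuses: string[] = ["200"]): boolean {
  return ev["cs-uri"].indexOf("/auth") >= 0
    && ev["cs-uri-query"].indexOf("operator.admin") >= 0
    && statuses.indexOf(ev["sc-status"]) >= 0;
}

// Constructed sample: a successful self-declared admin scope, the same attempt
// denied, a Control UI login without a scope claim, and an unrelated request.
const SAMPLE_LOG: string[] = [
  "2026-04-28 22:40:01 203.0.113.7 GET /auth scopes=operator.admin&client=curl-script 200",
  "2026-04-28 22:40:05 203.0.113.7 GET /auth scopes=operator.admin&client=curl-script 403",
  "2026-04-28 22:41:10 198.51.100.3 GET /auth client=control-ui 200",
  "2026-04-28 22:42:00 198.51.100.9 GET /api/status - 200",
];

// Return one summary string per matching event, in log order.
function runDetection(lines: string[], statuses: string[] = ["200"]): string[] {
  const hits: string[] = [];
  for (const line of lines) {
    const ev = parseLogLine(line);
    if (ev !== null && matchesRule(ev, statuses)) {
      hits.push(ev["c-ip"] + " " + ev["sc-status"] + " " + ev["cs-uri"] + "?" + ev["cs-uri-query"]);
    }
  }
  return hits;
}

console.log(runDetection(SAMPLE_LOG));                        // rule as written: the 200 line only
console.log(runDetection(SAMPLE_LOG, ["200", "401", "403"])); // also the denied attempt
```

Run as written, only the successful request fires; the denied attempt from the same source is invisible to the rule because of the `sc-status: 200` filter, even though a burst of denied scope claims is exactly the early signal you want after patching. Widening the status list, as the second call does, keeps that signal. A declaration sent in a header or inside a WebSocket handshake would never appear in `cs-uri-query` and would be missed by both variants.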
Indicators of Compromise
| ID | Type | Detail |
|---|---|---|
| CVE-2026-41404 | Affected versions | OpenClaw before 2026.3.31 |
| CVE-2026-41404 | Weakness | Incomplete scope clearing in trusted-proxy authentication mode |
| CVE-2026-41404 | Impact | Privilege escalation to operator.admin |
These rows describe the vulnerability itself rather than observed attacker artifacts; no network or host indicators (addresses, hashes, paths) are listed here.
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 28, 2026 at 22:37 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.