CVE-2026-41404:
CVE-2026-41404 is a privilege escalation vulnerability in OpenClaw before 2026.3.31 that allows authenticated low-privileged attackers to escalate to operator.admin privileges by exploiting incomplete scope-clearing in trusted-proxy authentication mode.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.8High- Published Date:Apr 28, 2026
- CISA KEV Date:*No Data*
- Industries Affected:20
Exploitability
- Score:2.8
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
CVE-2026-41404 is a privilege escalation vulnerability in OpenClaw before 2026.3.31 that allows authenticated low-privileged attackers to escalate to operator.admin privileges by exploiting incomplete scope-clearing in trusted-proxy authentication mode.
Overview
CVE-2026-41404 affects OpenClaw before version 2026.3.31 and stems from an incomplete scope-clearing mechanism in trusted-proxy authentication mode. When this authentication mode is active, the application does not properly sanitize or clear operator-level scopes that are self-declared by non-Control-UI clients. Because these scopes persist along identity-bearing authentication paths, a low-privileged attacker operating over the network can inject and retain elevated scope declarations, effectively escalating their privileges to operator.admin. This unauthorized elevation grants the attacker high-impact access across confidentiality, integrity, and availability of the affected system. The attack requires no user interaction, can be conducted remotely over a network connection, and demands only low-level prior authentication, making it a significant risk for deployments using trusted-proxy authentication mode. The vulnerability is scored at 8.8 (HIGH) under CVSS v3.1 and 7.7 (HIGH) under CVSS v4.0.
Remediation
- Organizations using OpenClaw should upgrade to version 2026.3.31 or later immediately, as this release contains the patch that addresses the incomplete scope-clearing behavior. The fix is available via the commit referenced in the project's GitHub repository. As an interim measure where immediate upgrading is not feasible, administrators should consider disabling trusted-proxy authentication mode or restricting network access to the OpenClaw service to trusted sources only. Deployments should also audit current user scopes and privilege assignments to identify any unauthorized escalation that may have already occurred.
References
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
