CVE-2026-41380 Overview
CVE-2026-41380 is an execution-approval vulnerability in OpenClaw before version 2026.3.28. The flaw is in exec-approvals-allowlist.ts: when a command is approved with "allow always", the persisted allowlist entry trusts the wrapper (carrier) executable that dispatches the command rather than the target that is actually invoked. Because the carrier is identified positionally in the dispatch chain, one approval granted through a wrapper becomes a broader allowlist entry than the user intended, and the execution-approval boundary is weakened for every later command routed through that same wrapper.
Critical Impact
An attacker who can route a command through an already-trusted wrapper carrier can bypass execution-approval controls, potentially gaining unauthorized code execution in environments that rely on OpenClaw's execution-approval system.
Affected Products
- OpenClaw versions prior to 2026.3.28
Discovery Timeline
- April 28, 2026 - CVE-2026-41380 published to NVD
- April 28, 2026 - Last updated in NVD database
Technical Details for CVE-2026-41380
Vulnerability Analysis
The vulnerability stems from how OpenClaw's execution-approval allowlist handles wrapper carrier executables. It is classified under CWE-807 (Reliance on Untrusted Inputs in a Security Decision): the approval decision is keyed on a value, the carrier executable, that the requester controls and that does not identify what will actually run.
When an execution request passes through a dispatch wrapper, the allowlist mechanism trusts the carrier executable instead of validating the target being invoked. This leaves a trust gap: a legitimate wrapper that has been approved once can be used to carry arbitrary targets that the execution-approval system would otherwise block.
Root Cause
The root cause is in exec-approvals-allowlist.ts, which implements the allow-always persistence logic. The allowlist validation keys on the positional carrier executable in the dispatch chain rather than on the final invocation target, so an allow-always entry created through a wrapper is far broader than the single command the user approved and effectively bypasses the execution-approval boundary.
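To make the carrier-versus-target distinction concrete, the following TypeScript is an added example and not OpenClaw's code. It models a small allowlist with a vulnerable persistence path that records the positional carrier (argv[0]) beside a hardened path that first resolves the command through a chain of dispatch wrappers and records only the real target, and it replays the allow-always-through-wrapper bypass the page describes. The wrapper table, its option handling, and every name used (resolveTarget, persistVulnerable, persistFixed, isApproved, demo) are assumptions for illustration; the wrapper set and the fix in the real project may differ.

```typescript
// Added example, not OpenClaw's code. Models the allow-always persistence
// flaw: trusting the positional carrier versus the resolved target.
// The wrapper table, its option handling and all names are assumptions.

interface WrapperSpec {
  // Options that consume a following argument (illustrative, not the tools' full grammar).
  flagsWithValue: Set<string>;
}

// Dispatch wrappers that take the real command as a later positional argument.
const dispatchWrappers = new Map<string, WrapperSpec>([
  ["env", { flagsWithValue: new Set(["-u", "-C", "-S"]) }],
  ["nice", { flagsWithValue: new Set(["-n"]) }],
  ["nohup", { flagsWithValue: new Set() }],
  ["timeout", { flagsWithValue: new Set(["-s", "-k"]) }],
  ["sudo", { flagsWithValue: new Set(["-u", "-g"]) }],
]);

function basename(p: string): string {
  const i = p.lastIndexOf("/");
  return i === -1 ? p : p.slice(i + 1);
}

// Walk through any chain of wrappers and return the executable that will
// actually run, or null if the chain never reaches one (e.g. `env FOO=1`).
// A safe caller must treat null as "persist nothing".
function resolveTarget(argv: string[]): string | null {
  let i = 0;
  while (i < argv.length) {
    const exe = basename(argv[i]);
    const spec = dispatchWrappers.get(exe);
    if (spec === undefined) return exe; // reached the real target
    i++;
    // Skip the wrapper's own options and env-style VAR=value assignments.
    while (i < argv.length) {
      const a = argv[i];
      if (a === "--") { i++; break; }
      if (a.startsWith("-")) { i += spec.flagsWithValue.has(a) ? 2 : 1; continue; }
      if (exe === "env" && /^[A-Za-z_][A-Za-z0-9_]*=/.test(a)) { i++; continue; }
      break;
    }
  }
  return null;
}

type Allowlist = Set<string>;

// Vulnerable pattern: "allow always" persists whatever sits at argv[0],
// which for a wrapped command is the carrier, not the target.
function persistVulnerable(allow: Allowlist, argv: string[]): string {
  const carrier = basename(argv[0]);
  allow.add(carrier);
  return carrier;
}

// Hardened pattern: persist only the resolved target, never a carrier.
function persistFixed(allow: Allowlist, argv: string[]): string | null {
  const target = resolveTarget(argv);
  if (target !== null) allow.add(target);
  return target;
}

// The approval check that later invocations hit. The vulnerable variant
// matches the carrier; the hardened variant matches the resolved target.
function isApproved(allow: Allowlist, argv: string[], resolveThroughWrappers: boolean): boolean {
  const exe = resolveThroughWrappers
    ? resolveTarget(argv)
    : (argv.length > 0 ? basename(argv[0]) : null);
  return exe !== null && allow.has(exe);
}

// A user approves one harmless wrapped command "always"; a later request
// reuses the same carrier to reach a different target.
function demo() {
  const approvedOnce = ["env", "GIT_PAGER=cat", "git", "status"];
  const laterRequest = ["env", "rm", "-rf", "/tmp/workspace"];

  const vulnerable: Allowlist = new Set();
  persistVulnerable(vulnerable, approvedOnce);
  const fixed: Allowlist = new Set();
  persistFixed(fixed, approvedOnce);

  return {
    vulnerableEntry: Array.from(vulnerable),                            // ["env"]
    vulnerableApprovesRm: isApproved(vulnerable, laterRequest, false),  // true: bypass
    fixedEntry: Array.from(fixed),                                      // ["git"]
    fixedApprovesRm: isApproved(fixed, laterRequest, true),             // false
  };
}
```

The important design point is that resolveTarget returns null when a wrapper chain never reaches a concrete target; the hardened path persists nothing in that case rather than falling back to the carrier, which is exactly the fallback the vulnerable path relies on.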
Attack Vector
The attack requires local access to the system and user interaction. An attacker with low privileges can abuse the positional carrier routing by:
- Identifying wrapper executables that already have an allow-always entry
- Crafting execution requests that route the desired command through one of those trusted wrappers
- Reaching targets that execution-approval controls would otherwise block
- Relying on the persisted allow-always entry so that the bypass survives across later requests
The underlying mechanism is that the allowlist validation keys on the carrier's identity instead of the invoked target's, so whatever a trusted wrapper dispatches is approved. For detailed technical information, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-41380
Indicators of Compromise
- Allowlist entries that name a wrapper carrier executable rather than a concrete target
- Execution-approval logs showing commands dispatched through a wrapper to targets that were never individually approved
- Recently persisted allow-always entries whose executable is a positional carrier
- Evidence in audit logs of executions that passed approval without a matching target entry
Detection Strategies
- Monitor changes to the execution approval allowlist for unexpected entries
- Audit dispatch wrapper routing patterns for suspicious carrier executable usage
- Implement logging for all allow-always persistence operations in exec-approvals-allowlist.ts
- Review execution approval configurations for overly broad allowlist entries
Monitoring Recommendations
- Enable verbose logging for execution approval decisions and allowlist modifications
- Implement alerts for new allow-always entries being created through dispatch wrappers
- Regularly audit the allowlist for entries that include carrier executables rather than specific targets
- Monitor for patterns of execution attempts routing through known wrapper executables
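The detection and monitoring items above reduce to two checks: scan the persisted allow-always entries for ones that name a carrier rather than a target, and scan approval decisions for allow-always approvals whose command starts with a carrier. The TypeScript below is an added example and not OpenClaw's code. The allowlist JSON shape and the decision log-line format are constructed assumptions (OpenClaw's real files will differ; adapt the two parsers), and the carrier list, the sample data, and the names auditAllowlist, auditDecisionLog and runAudit are assumptions as well.

```typescript
// Added example, not OpenClaw's code. The allowlist JSON shape and the
// log-line format are constructed assumptions; adapt the parsers to what
// your deployment actually writes. The carrier list is illustrative.

const carrierExecutables = new Set(["env", "nice", "nohup", "timeout", "sudo", "xargs", "time"]);

function exeName(p: string): string {
  const i = p.lastIndexOf("/");
  return i === -1 ? p : p.slice(i + 1);
}

// Constructed sample of a persisted allow-always file.
const sampleAllowlist = `{ "entries": [
  { "executable": "git", "approvedCommand": "git status" },
  { "executable": "env", "approvedCommand": "env GIT_PAGER=cat git log" },
  { "executable": "/usr/bin/nice", "approvedCommand": "nice -n 10 ./build.sh" },
  { "executable": "npm", "approvedCommand": "npm test" }
] }`;

// Constructed sample of execution-approval decision log lines.
const sampleLog = [
  '2026-04-05T08:00:01Z exec-approval decision=allow source=allow-always argv=["git","status"]',
  '2026-04-05T08:00:07Z exec-approval decision=allow source=allow-always argv=["env","rm","-rf","/tmp/workspace"]',
  '2026-04-05T08:00:09Z exec-approval decision=prompt source=none argv=["curl","https://example.invalid"]',
  '2026-04-05T08:00:15Z exec-approval decision=allow source=allow-always argv=["/usr/bin/nice","-n","10","python3","payload.py"]',
].join("\n");

interface Finding {
  kind: "carrier-entry" | "carrier-routed-exec";
  detail: string;
}

// Flag every persisted entry whose executable is a wrapper carrier: under the
// flaw, such an entry approves anything dispatched through that wrapper.
function auditAllowlist(json: string): Finding[] {
  const doc = JSON.parse(json) as { entries: { executable: string; approvedCommand: string }[] };
  return doc.entries
    .filter((e) => carrierExecutables.has(exeName(e.executable)))
    .map((e) => ({
      kind: "carrier-entry" as const,
      detail: `${e.executable} (persisted from "${e.approvedCommand}")`,
    }));
}

// Flag allow-always approvals whose command starts with a carrier; each one
// was approved on the carrier's identity, not on what it actually ran.
function auditDecisionLog(log: string): Finding[] {
  const findings: Finding[] = [];
  const re = /^(\S+) exec-approval decision=(\w+) source=(\S+) argv=(\[.*\])$/;
  for (const line of log.split("\n")) {
    const m = re.exec(line);
    if (m === null) continue;
    const ts = m[1] ?? "";
    const decision = m[2];
    const source = m[3];
    const argvJson = m[4] ?? "[]";
    if (decision !== "allow" || source !== "allow-always") continue;
    const argv = JSON.parse(argvJson) as string[];
    if (argv.length > 0 && carrierExecutables.has(exeName(argv[0]))) {
      findings.push({ kind: "carrier-routed-exec", detail: `${ts} ${argv.join(" ")}` });
    }
  }
  return findings;
}

function runAudit() {
  return {
    entries: auditAllowlist(sampleAllowlist),   // env and /usr/bin/nice entries
    executions: auditDecisionLog(sampleLog),    // the env→rm and nice→python3 approvals
  };
}
```

Running runAudit() on the constructed samples reports the two carrier entries (env and /usr/bin/nice) and the two allow-always decisions that routed through a carrier to a different target; the git entry, the npm entry, and the prompted curl request are not flagged.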
How to Mitigate CVE-2026-41380
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.28 or later immediately
- Review existing allowlist entries for any suspicious carrier executable trusts
- Audit recent execution approval logs for potential exploitation attempts
- Temporarily restrict allowlist modification capabilities until patched
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.3.28. Organizations should update to this version or later to remediate the vulnerability. For additional details, see the VulnCheck Advisory on OpenClaw and the GitHub Security Advisory.
Workarounds
- Disable allow-always persistence temporarily until the patch can be applied
- Implement manual review requirements for all new allowlist entries
- Restrict access to execution approval configuration to administrators only
- Where the deployment allows it, evaluate approvals against the resolved invocation target rather than the dispatch wrapper that carries it
# Review persisted allow-always entries for common wrapper carriers
# (the carrier names are illustrative; adjust the path to wherever your deployment persists approvals)
grep -iE '"(/[^"]*/)?(env|nice|nohup|timeout|sudo|xargs|time)"' /path/to/openclaw/config/exec-approvals-allowlist.json
# Verify the installed OpenClaw version (must be 2026.3.28 or later)
openclaw --version
# Back up the current configuration before upgrading
cp -r /path/to/openclaw/config /path/to/backup/openclaw-config-backup
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.