CVE-2026-41913 Overview
CVE-2026-41913 is a race condition (CWE-362) in OpenClaw before version 2026.4.4 that affects the shared-secret authentication mechanism. Concurrent asynchronous requests can all pass the per-key rate-limit budget check before any of them decrements the budget, so the rate-limiting protection intended for Tailscale-capable paths can be circumvented. The flaw is a non-atomic check-then-decrement in the asynchronous authentication flow. Note what is bypassed: the rate limit, not authentication itself. A burst of simultaneous attempts is evaluated instead of being throttled, which weakens the brute-force resistance of the shared secret.
Critical Impact
An attacker who can reach the authentication endpoint can issue a burst of parallel requests that all pass the rate-limit check, multiplying the number of shared-secret guesses allowed per time window on Tailscale-capable paths and defeating the brute-force protection the rate limit is meant to provide.
Affected Products
- OpenClaw versions prior to 2026.4.4
- OpenClaw (Node.js) deployments that use shared-secret authentication
- Deployments that expose Tailscale-capable paths and rely on the per-key rate limit as a control
Discovery Timeline
- 2026-04-28 - CVE-2026-41913 published to NVD
- 2026-04-30 - Last updated in NVD database
Technical Details for CVE-2026-41913
Vulnerability Analysis
The race condition (CWE-362) arises because the rate-limit budget check and the budget decrement are not one atomic step. In an asynchronous flow, an await between reading the remaining budget and writing it back is a time-of-check/time-of-use (TOCTOU) window: every request that starts before the first write observes the same pre-decrement value, passes the check, and later writes back the same stale decrement. The fix commit referenced below touches the network fetch guard, src/infra/net/fetch-guard.ts.
The issue matters most for deployments that use the rate limit as a security control against brute-force guessing of the shared secret. Because the bypass only needs concurrency, not sustained volume, a single client issuing N requests in parallel gets N attempts evaluated where the budget should have allowed far fewer.
The hunk quoted from the fix commit reorders src/infra/net/fetch-guard.ts so that resolvePinnedHostnameWithPolicy is called only in the branch that actually builds a pinned dispatcher, rather than unconditionally before the proxy-mode decision. Readers verifying the fix should note that the quoted hunk shows only this DNS-pinning reordering and contains no rate-limit counter; the change to the budget accounting itself is not visible in it, so consult the full commit and the GHSA advisory rather than the hunk alone.
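The check-then-decrement race described above, as an added example that is not OpenClaw's code: a per-key budget whose check and decrement are separated by an await, beside a version that reserves the budget synchronously before any await. The budget size, key name and the simulated async work are constructed for the example.

```javascript
// Added example (not OpenClaw code): the CWE-362 check-then-act pattern on an
// async rate-limit budget, and the minimal fix of reserving before awaiting.
const BUDGET_PER_KEY = 3; // attempts allowed per key; constructed value

// Stand-in for real async work (DNS lookup, hashing, a store read) that sits
// between the check and the decrement in the vulnerable flow.
function simulateAsyncWork() {
  return new Promise((resolve) => setImmediate(resolve));
}

// VULNERABLE: read -> await -> write. Every request that starts before the
// first write observes the same "remaining" value, passes the check, and
// later writes back the same stale decrement.
class VulnerableBudget {
  constructor(limit = BUDGET_PER_KEY) {
    this.limit = limit;
    this.remaining = new Map(); // key -> remaining attempts
  }
  async tryConsume(key) {
    const left = this.remaining.get(key) ?? this.limit; // check
    if (left <= 0) return false;
    await simulateAsyncWork();                           // yield: other requests run here
    this.remaining.set(key, left - 1);                   // stale write
    return true;
  }
}

// FIXED: reserve synchronously. With no await between the read and the
// write, Node's single-threaded event loop cannot interleave another
// request, so the budget moves exactly once per attempt.
class FixedBudget {
  constructor(limit = BUDGET_PER_KEY) {
    this.limit = limit;
    this.remaining = new Map();
  }
  async tryConsume(key) {
    const left = this.remaining.get(key) ?? this.limit;
    if (left <= 0) return false;
    this.remaining.set(key, left - 1);                   // reserve before any await
    await simulateAsyncWork();
    return true;
  }
}

// Fire n requests for one key concurrently and count how many passed the check.
async function burst(budget, key, n) {
  const results = await Promise.all(
    Array.from({ length: n }, () => budget.tryConsume(key)),
  );
  return results.filter(Boolean).length;
}

async function main() {
  const vb = new VulnerableBudget();
  const fb = new FixedBudget();
  const passedVuln = await burst(vb, 'shared-secret-key-1', 10);
  const passedFixed = await burst(fb, 'shared-secret-key-1', 10);
  console.log(`vulnerable: ${passedVuln}/10 passed, counter left at ${vb.remaining.get('shared-secret-key-1')}`);
  console.log(`fixed:      ${passedFixed}/10 passed, counter left at ${fb.remaining.get('shared-secret-key-1')}`);
}

main();
```

The vulnerable budget lets all ten requests through and ends with its counter decremented only once, which is the log signature to look for. The synchronous reservation is sufficient only within one process; when the budget lives in a shared store across several instances, the reservation must be a single atomic operation on that store (for example one atomic decrement with expiry), not a read followed by a write.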
Root Cause
The root cause is a non-atomic check-then-act sequence in an asynchronous code path: the remaining budget is read, an asynchronous operation is awaited, and only afterwards is the decremented value written, so concurrently arriving requests all read the same pre-decrement value. In the quoted hunk, the pre-fix code awaited the DNS pinning resolution (resolvePinnedHostnameWithPolicy) before deciding whether a trusted environment proxy would be used, so every request paid that await even when its result was discarded. How that unconditional await relates to the budget accounting is not shown in the hunk itself; the advisory attributes the bypass to asynchronous operations that were not sequenced with the rate-limit check and decrement.
Attack Vector
The attack targets the network-reachable authentication endpoint with a burst of concurrent requests crafted so that they reach the rate-limit check before any of them has decremented the budget. Concurrency, not sustained request rate, is what matters: a single client opening N parallel requests is enough. The attacker needs network access to the OpenClaw authentication endpoints on the affected paths and a client able to issue requests in parallel.
try {
assertExplicitProxySupportsPinnedDns(parsedUrl, params.dispatcherPolicy, params.pinDns);
await assertExplicitProxyAllowed(params.dispatcherPolicy, params.lookupFn, params.policy);
- const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, {
- lookupFn: params.lookupFn,
- policy: params.policy,
- });
const canUseTrustedEnvProxy =
mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured();
if (canUseTrustedEnvProxy) {
dispatcher = createHttp1EnvHttpProxyAgent();
} else if (params.pinDns === false) {
dispatcher = createPolicyDispatcherWithoutPinnedDns(params.dispatcherPolicy);
} else {
+ const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, {
+ lookupFn: params.lookupFn,
+ policy: params.policy,
+ });
dispatcher = createPinnedDispatcher(pinned, params.dispatcherPolicy, params.policy);
}
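Review bot: the only change in this hunk is moving the `resolvePinnedHostnameWithPolicy` call from before the proxy-mode decision into the final `else` branch; nothing here touches a rate-limit budget or counter, so the advisory's description of a check-then-decrement race on the per-key budget is not explained by this diff on its own. Either the commit message should point at where the budget accounting changed, or the advisory text should be corrected to describe this reordering. A second point to verify: after the move, the `canUseTrustedEnvProxy` branch (`dispatcher = createHttp1EnvHttpProxyAgent();`) and the `params.pinDns === false` branch no longer call the resolver at all, and that resolver was invoked with `policy: params.policy`. If it enforced any hostname policy beyond pinning, confirm that `assertExplicitProxyAllowed(...)` above and `createPolicyDispatcherWithoutPinnedDns(...)` still cover those cases, and add a short comment on the env-proxy branch stating that DNS resolution is intentionally delegated to the proxy there.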
Source: GitHub Commit d7c3210
Detection Methods for CVE-2026-41913
Indicators of Compromise
- Bursts of authentication attempts for a single key or from a single source packed into a few milliseconds, rather than spread over time
- Remaining-budget values that do not decrease in step with the attempts observed (for example, a burst of N attempts after which the counter moved by only one)
- Authentication logs showing more concurrent attempts per key within one window than the configured rate limit should permit
- Failed authentication attempts that exceed the configured rate-limit threshold without the corresponding throttled or rejected responses
Detection Strategies
- Monitor authentication endpoints for concurrent request patterns that exceed rate-limit configurations
- Implement logging that captures the timing and concurrency of authentication attempts
- Deploy network-level rate limiting as a defense-in-depth measure to complement application-level controls
- Use SentinelOne Singularity Platform to detect anomalous authentication patterns and potential brute-force attempts
Monitoring Recommendations
- Enable detailed authentication logging including timestamps and request correlation IDs
- Set up alerts for authentication request rates that significantly exceed baseline patterns
- Monitor for concurrent requests from the same source IP or authentication key
- Review Tailscale-capable path access logs for suspicious activity patterns
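One way to run the detection strategy above over authentication logs, as an added example that is not part of OpenClaw or any vendor product: group attempts by key, slide a window over them, and flag any key whose attempts inside the window exceed the configured budget, reporting how tightly packed the burst was and how many source addresses it came from. The JSON-lines log format, the field names and every entry below are constructed for the example; adapt parseLine() to your own auth log schema.

```javascript
// Added example (not OpenClaw code): per-key burst detection over auth logs.
// Constructed sample log: six failures for key k1 within 180 ms from two
// source IPs, two ordinary successes for k2, and one malformed line.
const SAMPLE_LOG = [
  '{"ts":"2026-04-29T10:00:00.000Z","src":"10.0.0.5","key_id":"k1","result":"fail"}',
  '{"ts":"2026-04-29T10:00:00.012Z","src":"10.0.0.5","key_id":"k1","result":"fail"}',
  '{"ts":"2026-04-29T10:00:00.031Z","src":"10.0.0.6","key_id":"k1","result":"fail"}',
  '{"ts":"2026-04-29T10:00:00.044Z","src":"10.0.0.6","key_id":"k1","result":"fail"}',
  '{"ts":"2026-04-29T10:00:00.090Z","src":"10.0.0.5","key_id":"k1","result":"fail"}',
  '{"ts":"2026-04-29T10:00:00.180Z","src":"10.0.0.5","key_id":"k1","result":"fail"}',
  '{"ts":"2026-04-29T10:00:05.000Z","src":"10.0.0.9","key_id":"k2","result":"ok"}',
  '{"ts":"2026-04-29T10:00:06.000Z","src":"10.0.0.9","key_id":"k2","result":"ok"}',
  'garbage line that must not crash the detector',
];

// Parse one JSON log line into {ts, src, key, result}; null on any defect.
function parseLine(line) {
  let e;
  try { e = JSON.parse(line); } catch { return null; }
  const ts = Date.parse(e.ts);
  if (Number.isNaN(ts) || typeof e.key_id !== 'string') return null;
  return { ts, src: String(e.src ?? 'unknown'), key: e.key_id, result: e.result };
}

// For each key, find the densest window of attempts and alert when it holds
// more attempts than the configured per-key budget (limit) for that window.
function findBursts(lines, { limit, windowMs }) {
  const byKey = new Map();
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) continue;
    if (!byKey.has(e.key)) byKey.set(e.key, []);
    byKey.get(e.key).push(e);
  }
  const alerts = [];
  for (const [key, events] of byKey) {
    events.sort((a, b) => a.ts - b.ts);
    let start = 0;
    let best = null;
    for (let end = 0; end < events.length; end++) {
      while (events[end].ts - events[start].ts > windowMs) start++;
      const count = end - start + 1;
      if (best === null || count > best.count) best = { start, end, count };
    }
    if (best !== null && best.count > limit) {
      const slice = events.slice(best.start, best.end + 1);
      alerts.push({
        key,
        count: best.count,
        limit,
        spanMs: slice[slice.length - 1].ts - slice[0].ts,   // how concurrent the burst was
        sources: [...new Set(slice.map((e) => e.src))],     // same key from several IPs?
        failures: slice.filter((e) => e.result === 'fail').length,
      });
    }
  }
  return alerts;
}

const alerts = findBursts(SAMPLE_LOG, { limit: 3, windowMs: 1000 });
for (const a of alerts) console.log(JSON.stringify(a));
```

Set limit and windowMs to the values actually configured for the per-key budget so that the alert fires exactly when more attempts were evaluated than the limiter should have allowed. A small spanMs with a count well above the limit is the concurrency signature of this bug; a burst for one key from several source addresses is the case that an IP-keyed network rate limit would miss.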
How to Mitigate CVE-2026-41913
Immediate Actions Required
- Upgrade OpenClaw to version 2026.4.4 or later immediately
- Review authentication logs for any signs of exploitation attempts
- Implement additional network-level rate limiting as a defense-in-depth measure
- Monitor authentication endpoints for unusual concurrent request patterns
Patch Information
The vulnerability is addressed in OpenClaw version 2026.4.4. The security patch modifies the fetch guard component in src/infra/net/fetch-guard.ts to properly sequence DNS pinning resolution operations, eliminating the race condition window. Organizations should apply commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5 or upgrade to the patched release.
For detailed information, refer to the GitHub Security Advisory GHSA-25wv-8phj-8p7r and the VulnCheck Advisory on Rate Limit Bypass.
Workarounds
- Add network-level rate limiting at a reverse proxy or WAF; its counters are maintained outside the vulnerable application flow, so they are not affected by this race
- Cap concurrent connections per client (for example, a per-address connection limit at the proxy) so that a single client cannot hold enough in-flight requests to race the budget check
- Add further authentication controls such as CAPTCHA or account lockout, noting that lockout on a shared secret can itself be abused for denial of service
- Where operationally acceptable, temporarily disable shared-secret authentication on Tailscale-capable paths until the upgrade is applied
# Example nginx rate limiting configuration as defense-in-depth
# limit_req keys on the client address only: a shared secret tried from many
# source IPs is not covered by this rule alone, so keep the application-side
# per-key limit (fixed in 2026.4.4) as the primary control.
limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=10r/s;
# /api/auth and openclaw_backend are placeholders; use the authentication
# path and upstream of your own deployment.
location /api/auth {
limit_req zone=auth_limit burst=5 nodelay;
proxy_pass http://openclaw_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


