Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-41299

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge by manipulating client metadata during connection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.7%
CVSS Severity
CVSS v3 Score 7.1
Products affected by CVE-2026-41299
  • Openclaw » Openclaw » Version: 0.1.0
    cpe:2.3:a:openclaw:openclaw:0.1.0
  • Openclaw » Openclaw » Version: 0.1.1
    cpe:2.3:a:openclaw:openclaw:0.1.1
  • Openclaw » Openclaw » Version: 0.1.2
    cpe:2.3:a:openclaw:openclaw:0.1.2
  • Openclaw » Openclaw » Version: 0.1.3
    cpe:2.3:a:openclaw:openclaw:0.1.3
  • Openclaw » Openclaw » Version: 1.0.4
    cpe:2.3:a:openclaw:openclaw:1.0.4
  • Openclaw » Openclaw » Version: 1.1.0
    cpe:2.3:a:openclaw:openclaw:1.1.0
  • Openclaw » Openclaw » Version: 1.2.0
    cpe:2.3:a:openclaw:openclaw:1.2.0
  • Openclaw » Openclaw » Version: 1.2.1
    cpe:2.3:a:openclaw:openclaw:1.2.1
  • Openclaw » Openclaw » Version: 1.2.2
    cpe:2.3:a:openclaw:openclaw:1.2.2
  • Openclaw » Openclaw » Version: 1.3.0
    cpe:2.3:a:openclaw:openclaw:1.3.0
  • Openclaw » Openclaw » Version: 2.0.0
    cpe:2.3:a:openclaw:openclaw:2.0.0
  • Openclaw » Openclaw » Version: 2026.1.10
    cpe:2.3:a:openclaw:openclaw:2026.1.10
  • Openclaw » Openclaw » Version: 2026.1.11
    cpe:2.3:a:openclaw:openclaw:2026.1.11
  • Openclaw » Openclaw » Version: 2026.1.11-1
    cpe:2.3:a:openclaw:openclaw:2026.1.11-1
  • Openclaw » Openclaw » Version: 2026.1.11-2
    cpe:2.3:a:openclaw:openclaw:2026.1.11-2
  • Openclaw » Openclaw » Version: 2026.1.11-3
    cpe:2.3:a:openclaw:openclaw:2026.1.11-3
  • Openclaw » Openclaw » Version: 2026.1.11-4
    cpe:2.3:a:openclaw:openclaw:2026.1.11-4
  • Openclaw » Openclaw » Version: 2026.1.111
    cpe:2.3:a:openclaw:openclaw:2026.1.111
  • Openclaw » Openclaw » Version: 2026.1.112
    cpe:2.3:a:openclaw:openclaw:2026.1.112
  • Openclaw » Openclaw » Version: 2026.1.113
    cpe:2.3:a:openclaw:openclaw:2026.1.113
  • Openclaw » Openclaw » Version: 2026.1.12
    cpe:2.3:a:openclaw:openclaw:2026.1.12
  • Openclaw » Openclaw » Version: 2026.1.12-1
    cpe:2.3:a:openclaw:openclaw:2026.1.12-1
  • Openclaw » Openclaw » Version: 2026.1.12-2
    cpe:2.3:a:openclaw:openclaw:2026.1.12-2
  • Openclaw » Openclaw » Version: 2026.1.122
    cpe:2.3:a:openclaw:openclaw:2026.1.122
  • Openclaw » Openclaw » Version: 2026.1.13
    cpe:2.3:a:openclaw:openclaw:2026.1.13
  • Openclaw » Openclaw » Version: 2026.1.14-1
    cpe:2.3:a:openclaw:openclaw:2026.1.14-1
  • Openclaw » Openclaw » Version: 2026.1.141
    cpe:2.3:a:openclaw:openclaw:2026.1.141
  • Openclaw » Openclaw » Version: 2026.1.15
    cpe:2.3:a:openclaw:openclaw:2026.1.15
  • Openclaw » Openclaw » Version: 2026.1.16-1
    cpe:2.3:a:openclaw:openclaw:2026.1.16-1
  • Openclaw » Openclaw » Version: 2026.1.16-2
    cpe:2.3:a:openclaw:openclaw:2026.1.16-2
  • Openclaw » Openclaw » Version: 2026.1.162
    cpe:2.3:a:openclaw:openclaw:2026.1.162
  • Openclaw » Openclaw » Version: 2026.1.20
    cpe:2.3:a:openclaw:openclaw:2026.1.20
  • Openclaw » Openclaw » Version: 2026.1.20-1
    cpe:2.3:a:openclaw:openclaw:2026.1.20-1
  • Openclaw » Openclaw » Version: 2026.1.20-2
    cpe:2.3:a:openclaw:openclaw:2026.1.20-2
  • Openclaw » Openclaw » Version: 2026.1.21
    cpe:2.3:a:openclaw:openclaw:2026.1.21
  • Openclaw » Openclaw » Version: 2026.1.21-1
    cpe:2.3:a:openclaw:openclaw:2026.1.21-1
  • Openclaw » Openclaw » Version: 2026.1.21-2
    cpe:2.3:a:openclaw:openclaw:2026.1.21-2
  • Openclaw » Openclaw » Version: 2026.1.22
    cpe:2.3:a:openclaw:openclaw:2026.1.22
  • Openclaw » Openclaw » Version: 2026.1.23
    cpe:2.3:a:openclaw:openclaw:2026.1.23
  • Openclaw » Openclaw » Version: 2026.1.23-1
    cpe:2.3:a:openclaw:openclaw:2026.1.23-1
  • Openclaw » Openclaw » Version: 2026.1.24
    cpe:2.3:a:openclaw:openclaw:2026.1.24
  • Openclaw » Openclaw » Version: 2026.1.24-1
    cpe:2.3:a:openclaw:openclaw:2026.1.24-1
  • Openclaw » Openclaw » Version: 2026.1.24-2
    cpe:2.3:a:openclaw:openclaw:2026.1.24-2
  • Openclaw » Openclaw » Version: 2026.1.24-3
    cpe:2.3:a:openclaw:openclaw:2026.1.24-3
  • Openclaw » Openclaw » Version: 2026.1.241
    cpe:2.3:a:openclaw:openclaw:2026.1.241
  • Openclaw » Openclaw » Version: 2026.1.29
    cpe:2.3:a:openclaw:openclaw:2026.1.29
  • Openclaw » Openclaw » Version: 2026.1.30
    cpe:2.3:a:openclaw:openclaw:2026.1.30
  • Openclaw » Openclaw » Version: 2026.1.4
    cpe:2.3:a:openclaw:openclaw:2026.1.4
  • Openclaw » Openclaw » Version: 2026.1.4-1
    cpe:2.3:a:openclaw:openclaw:2026.1.4-1
  • Openclaw » Openclaw » Version: 2026.1.5
    cpe:2.3:a:openclaw:openclaw:2026.1.5
  • Openclaw » Openclaw » Version: 2026.1.5-1
    cpe:2.3:a:openclaw:openclaw:2026.1.5-1
  • Openclaw » Openclaw » Version: 2026.1.5-2
    cpe:2.3:a:openclaw:openclaw:2026.1.5-2
  • Openclaw » Openclaw » Version: 2026.1.5-3
    cpe:2.3:a:openclaw:openclaw:2026.1.5-3
  • Openclaw » Openclaw » Version: 2026.1.51
    cpe:2.3:a:openclaw:openclaw:2026.1.51
  • Openclaw » Openclaw » Version: 2026.1.52
    cpe:2.3:a:openclaw:openclaw:2026.1.52
  • Openclaw » Openclaw » Version: 2026.1.53
    cpe:2.3:a:openclaw:openclaw:2026.1.53
  • Openclaw » Openclaw » Version: 2026.1.8
    cpe:2.3:a:openclaw:openclaw:2026.1.8
  • Openclaw » Openclaw » Version: 2026.1.8-1
    cpe:2.3:a:openclaw:openclaw:2026.1.8-1
  • Openclaw » Openclaw » Version: 2026.1.8-2
    cpe:2.3:a:openclaw:openclaw:2026.1.8-2
  • Openclaw » Openclaw » Version: 2026.1.9
    cpe:2.3:a:openclaw:openclaw:2026.1.9
  • Openclaw » Openclaw » Version: 2026.2.0
    cpe:2.3:a:openclaw:openclaw:2026.2.0
  • Openclaw » Openclaw » Version: 2026.2.1
    cpe:2.3:a:openclaw:openclaw:2026.2.1
  • Openclaw » Openclaw » Version: 2026.2.12
    cpe:2.3:a:openclaw:openclaw:2026.2.12
  • Openclaw » Openclaw » Version: 2026.2.13
    cpe:2.3:a:openclaw:openclaw:2026.2.13
  • Openclaw » Openclaw » Version: 2026.2.14
    cpe:2.3:a:openclaw:openclaw:2026.2.14
  • Openclaw » Openclaw » Version: 2026.2.15
    cpe:2.3:a:openclaw:openclaw:2026.2.15
  • Openclaw » Openclaw » Version: 2026.2.17
    cpe:2.3:a:openclaw:openclaw:2026.2.17
  • Openclaw » Openclaw » Version: 2026.2.17.2
    cpe:2.3:a:openclaw:openclaw:2026.2.17.2
  • Openclaw » Openclaw » Version: 2026.2.19
    cpe:2.3:a:openclaw:openclaw:2026.2.19
  • Openclaw » Openclaw » Version: 2026.2.19-1
    cpe:2.3:a:openclaw:openclaw:2026.2.19-1
  • Openclaw » Openclaw » Version: 2026.2.19-2
    cpe:2.3:a:openclaw:openclaw:2026.2.19-2
  • Openclaw » Openclaw » Version: 2026.2.2
    cpe:2.3:a:openclaw:openclaw:2026.2.2
  • Openclaw » Openclaw » Version: 2026.2.2-1
    cpe:2.3:a:openclaw:openclaw:2026.2.2-1
  • Openclaw » Openclaw » Version: 2026.2.2-2
    cpe:2.3:a:openclaw:openclaw:2026.2.2-2
  • Openclaw » Openclaw » Version: 2026.2.2-3
    cpe:2.3:a:openclaw:openclaw:2026.2.2-3
  • Openclaw » Openclaw » Version: 2026.2.21
    cpe:2.3:a:openclaw:openclaw:2026.2.21
  • Openclaw » Openclaw » Version: 2026.2.21-1
    cpe:2.3:a:openclaw:openclaw:2026.2.21-1
  • Openclaw » Openclaw » Version: 2026.2.21-2
    cpe:2.3:a:openclaw:openclaw:2026.2.21-2
  • Openclaw » Openclaw » Version: 2026.2.22
    cpe:2.3:a:openclaw:openclaw:2026.2.22
  • Openclaw » Openclaw » Version: 2026.2.22-1
    cpe:2.3:a:openclaw:openclaw:2026.2.22-1
  • Openclaw » Openclaw » Version: 2026.2.22-2
    cpe:2.3:a:openclaw:openclaw:2026.2.22-2
  • Openclaw » Openclaw » Version: 2026.2.23
    cpe:2.3:a:openclaw:openclaw:2026.2.23
  • Openclaw » Openclaw » Version: 2026.2.24
    cpe:2.3:a:openclaw:openclaw:2026.2.24
  • Openclaw » Openclaw » Version: 2026.2.25
    cpe:2.3:a:openclaw:openclaw:2026.2.25
  • Openclaw » Openclaw » Version: 2026.2.26
    cpe:2.3:a:openclaw:openclaw:2026.2.26
  • Openclaw » Openclaw » Version: 2026.2.3
    cpe:2.3:a:openclaw:openclaw:2026.2.3
  • Openclaw » Openclaw » Version: 2026.2.3-1
    cpe:2.3:a:openclaw:openclaw:2026.2.3-1
  • Openclaw » Openclaw » Version: 2026.2.6
    cpe:2.3:a:openclaw:openclaw:2026.2.6
  • Openclaw » Openclaw » Version: 2026.2.6-1
    cpe:2.3:a:openclaw:openclaw:2026.2.6-1
  • Openclaw » Openclaw » Version: 2026.2.6-2
    cpe:2.3:a:openclaw:openclaw:2026.2.6-2
  • Openclaw » Openclaw » Version: 2026.2.6-3
    cpe:2.3:a:openclaw:openclaw:2026.2.6-3
  • Openclaw » Openclaw » Version: 2026.2.61
    cpe:2.3:a:openclaw:openclaw:2026.2.61
  • Openclaw » Openclaw » Version: 2026.2.62
    cpe:2.3:a:openclaw:openclaw:2026.2.62
  • Openclaw » Openclaw » Version: 2026.2.63
    cpe:2.3:a:openclaw:openclaw:2026.2.63
  • Openclaw » Openclaw » Version: 2026.2.9
    cpe:2.3:a:openclaw:openclaw:2026.2.9
  • Openclaw » Openclaw » Version: 2026.3.1
    cpe:2.3:a:openclaw:openclaw:2026.3.1
  • Openclaw » Openclaw » Version: 2026.3.11
    cpe:2.3:a:openclaw:openclaw:2026.3.11
  • Openclaw » Openclaw » Version: 2026.3.12
    cpe:2.3:a:openclaw:openclaw:2026.3.12
  • Openclaw » Openclaw » Version: 2026.3.13
    cpe:2.3:a:openclaw:openclaw:2026.3.13
  • Openclaw » Openclaw » Version: 2026.3.2
    cpe:2.3:a:openclaw:openclaw:2026.3.2
  • Openclaw » Openclaw » Version: 2026.3.22
    cpe:2.3:a:openclaw:openclaw:2026.3.22
  • Openclaw » Openclaw » Version: 2026.3.23
    cpe:2.3:a:openclaw:openclaw:2026.3.23
  • Openclaw » Openclaw » Version: 2026.3.23-2
    cpe:2.3:a:openclaw:openclaw:2026.3.23-2
  • Openclaw » Openclaw » Version: 2026.3.24
    cpe:2.3:a:openclaw:openclaw:2026.3.24
  • Openclaw » Openclaw » Version: 2026.3.25
    cpe:2.3:a:openclaw:openclaw:2026.3.25
  • Openclaw » Openclaw » Version: 2026.3.7
    cpe:2.3:a:openclaw:openclaw:2026.3.7
  • Openclaw » Openclaw » Version: 2026.3.8
    cpe:2.3:a:openclaw:openclaw:2026.3.8


Products
Pricing
Contact Us

Shodan ® - All rights reserved