Vulnerability Details CVE-2026-41388
OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.6%
CVSS Severity
CVSS v3 Score 6.5