VIR Vulnerability Intelligence Relay

CVE-2026-41379

high
Published 2026-04-28 · Modified 2026-04-28
CVSS v3
7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CVSS v2
VIR risk
7.1

Description

OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send

Predictions

Exploit likelihood
80%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: disclosure@vulncheck.com — https://github.com/openclaw/openclaw/security/advisories/GHSA-3q42-xmxv-9vfr

vendor Authored 2026-05-27

Vendor advisory: disclosure@vulncheck.com — https://github.com/openclaw/openclaw/commit/e34694733fc64931ed4a543c73d84ad3435d5df1

Package impact
EcosystemPackageVulnerableFixed
npm npmopenclaw<2026.3.282026.3.28
npm NPMopenclaw<= 2026.3.242026.3.28

Application impact
VendorProductVersionsFixed
openclawopenclaw{"endExcluding":"2026.3.28"}2026.3.28

References

CWEs

CWE-863

Verify integrity in audit chain (admin only). AS-IS.