What is CVE-2026-41353?

CVE-2026-41353 is a high-severity vulnerability in Openclaw, classified under CWE-472. CVSS score: 8.1/10. Published 2026-04-23.

How severe is CVE-2026-41353?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Openclaw

CVE-2026-41353

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and runtime profile selection. Remote attac…

EPSS: 0.001 (17.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Openclaw — versions 0, 2026.3.22

Weakness classification (CWE)

CWE-472

References

GitHub Security Advisory (GHSA-h5hg-h7rr-gpf3) (vendor-advisory, Vendor Advisory)
Patch Commit (Patch, patch)
VulnCheck Advisory: OpenClaw < 2026.3.22 - allowProfiles Bypass via Profile Mutation and Runtime Selection (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-41353?: CVE-2026-41353 is a high-severity vulnerability in Openclaw, classified under CWE-472. CVSS score: 8.1/10. Published 2026-04-23.
How severe is CVE-2026-41353?: High severity. CVSS v3 base score is 8.1 out of 10.