What is CVE-2026-41355?

CVE-2026-41355 is a high-severity vulnerability in Openclaw, classified under Inclusion of Functionality from Untrusted Control Sphere. CVSS score: 7.3/10. Published 2026-04-23.

How severe is CVE-2026-41355?

High severity. CVSS v3 base score is 7.3 out of 10.

Vulnerability in Openclaw

CVE-2026-41355

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway…

EPSS: 0.000 (2.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Openclaw — versions 0, 2026.3.28

Weakness classification (CWE)

CWE-829 — Inclusion of Functionality from Untrusted Control Sphere

References

disclosure@vulncheck.com (vendor-advisory, Vendor Advisory)
disclosure@vulncheck.com (Patch, patch)
disclosure@vulncheck.com (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-41355?: CVE-2026-41355 is a high-severity vulnerability in Openclaw, classified under Inclusion of Functionality from Untrusted Control Sphere. CVSS score: 7.3/10. Published 2026-04-23.
How severe is CVE-2026-41355?: High severity. CVSS v3 base score is 7.3 out of 10.