Attack Chain

1. Attacker gains initial access to a system with OpenClaw installed, potentially through social engineering or exploiting other vulnerabilities.
2. The attacker identifies a dispatch wrapper executable that is already on the allowlist.
3. The attacker crafts a malicious payload to be executed through the identified wrapper.
4. The attacker leverages positional carrier executable routing to pass the malicious payload to the wrapper.
5. OpenClaw’s exec-approvals-allowlist.ts incorrectly trusts the wrapper, adding it to the allow-always list.
6. The attacker executes arbitrary commands using the allowlisted wrapper with the malicious payload, bypassing intended restrictions.
7. The attacker escalates privileges by executing privileged commands through the bypassed execution approval mechanism.
8. The attacker achieves persistence by utilizing the now-trusted wrapper to execute malicious code repeatedly.

Impact

Successful exploitation of CVE-2026-41380 allows attackers to bypass intended execution restrictions within OpenClaw. This can lead to arbitrary code execution, privilege escalation, and persistent malicious activity. The vulnerability allows attackers to effectively weaken the security posture of systems relying on OpenClaw’s execution approval mechanisms, potentially leading to complete system compromise. The precise number of affected installations is unknown, but any system running a vulnerable version of OpenClaw is at risk.

Recommendation

• Upgrade OpenClaw to version 2026.3.28 or later to remediate CVE-2026-41380.
• Implement the Sigma rule “Detect Suspicious OpenClaw Wrapper Execution” to identify potential exploitation attempts.
• Review existing allowlist entries within OpenClaw to identify and remove any overly broad or suspicious entries that may have been created through exploitation of CVE-2026-41380.
• Monitor OpenClaw’s logs for unexpected or unauthorized execution events related to wrapper executables as described in the vulnerability details.