{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-41390/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-41390"}],"_cs_exploited":false,"_cs_products":["OpenClaw"],"_cs_severities":["high"],"_cs_tags":["allowlist bypass","privilege escalation","cve-2026-41390"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw, a security application, is vulnerable to an allowlist bypass (CVE-2026-41390) affecting versions prior to 2026.3.28. The core issue lies in how OpenClaw handles \u0026ldquo;allow-always\u0026rdquo; persistence, specifically when dealing with wrapper binaries like \u003ccode\u003e/usr/bin/script\u003c/code\u003e. The application fails to properly unwrap or inspect the underlying commands executed by these wrappers before storing trust decisions. This oversight allows an attacker to gain user approval for a benign, wrapped command. Once approved, the trust is incorrectly associated with the wrapper binary itself, enabling the execution of arbitrary, potentially malicious, commands through the same wrapper. This vulnerability can lead to privilege escalation or other unauthorized activities, as the attacker can bypass intended security restrictions by leveraging the improperly granted trust.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable OpenClaw installation running a version prior to 2026.3.28.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a seemingly benign command using a wrapper binary like \u003ccode\u003e/usr/bin/script\u003c/code\u003e, such as \u003ccode\u003escript -q /tmp/output bash -c \u0026quot;id\u0026quot;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe user is prompted by OpenClaw to approve the execution of \u003ccode\u003e/usr/bin/script\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe user, believing the command is safe, approves the execution and adds \u003ccode\u003e/usr/bin/script\u003c/code\u003e to the \u0026ldquo;allow-always\u0026rdquo; list.\u003c/li\u003e\n\u003cli\u003eOpenClaw incorrectly persists trust for \u003ccode\u003e/usr/bin/script\u003c/code\u003e without unwrapping the command.\u003c/li\u003e\n\u003cli\u003eAttacker then executes a malicious command using the same wrapper, e.g., \u003ccode\u003escript -q /tmp/output bash -c \u0026quot;rm -rf /\u0026quot;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOpenClaw allows the execution of the malicious command because \u003ccode\u003e/usr/bin/script\u003c/code\u003e is already trusted.\u003c/li\u003e\n\u003cli\u003eThe malicious command executes, resulting in data loss or system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to bypass the intended access controls enforced by OpenClaw. An attacker can leverage a trusted wrapper binary to execute arbitrary commands, potentially leading to privilege escalation and full system compromise. The impact can range from data theft and system corruption to complete control over the affected system. This vulnerability affects any system running a vulnerable version of OpenClaw.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.3.28 or later to patch the vulnerability described in CVE-2026-41390.\u003c/li\u003e\n\u003cli\u003eImplement process monitoring to detect the execution of \u003ccode\u003e/usr/bin/script\u003c/code\u003e or similar wrappers with potentially malicious commands as a defense in depth. Use the \u0026ldquo;Detect Suspicious Script Wrapper Execution\u0026rdquo; Sigma rule provided below.\u003c/li\u003e\n\u003cli\u003eReview existing \u0026ldquo;allow-always\u0026rdquo; rules in OpenClaw and remove any entries for wrapper binaries like \u003ccode\u003e/usr/bin/script\u003c/code\u003e that might have been added inadvertently.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T19:37:42Z","date_published":"2026-04-28T19:37:42Z","id":"/briefs/2026-04-openclaw-allowlist-bypass/","summary":"OpenClaw before version 2026.3.28 contains an exec allowlist bypass vulnerability (CVE-2026-41390) that allows attackers to persist trust for wrapper binaries like /usr/bin/script to execute different underlying programs, potentially leading to privilege escalation.","title":"OpenClaw Exec Allowlist Bypass Vulnerability (CVE-2026-41390)","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-allowlist-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-41390","version":"https://jsonfeed.org/version/1.1"}