What CVEs were disclosed in the April 2026 OpenClaw privilege escalation wave?

Multiple CVEs including CVE-2026-42429, CVE-2026-41386 (CVSS 9.1), CVE-2026-41404, CVE-2026-41371, and CVE-2026-41329, affecting authentication, scope-clearing, and sandbox bypass.

What is CVE-2026-41386 in OpenClaw?

CVE-2026-41386 is a critical privilege escalation vulnerability (CVSS 9.1) affecting OpenClaw before v2026.3.22 in the first-use pairing system.

How does the OpenClaw gateway plugin privilege escalation work?

The gateway plugin HTTP auth mechanism widens identity-bearing operator.read requests into runtime operator.write permissions, allowing unauthorized privilege escalation.

How many total CVEs has OpenClaw had in 2026?

As of April 2026, the jgamblin/OpenClawCVEs tracker documents 138 CVEs, with 7 Critical (CVSS 9.0+) and 49 High (CVSS 7.0-8.9), meaning 41% are high-impact.

Is OpenClaw safe to use in production after the CVE wave?

OpenClaw's operator-trust-based security model means the agent has broad access to tools and services with no process-level isolation. Users should patch to latest, use containers like Tank OS, and evaluate alternatives like NanoClaw or ZeroClaw.

← Back to dashboard

clawsmith.com/signal/openclaw-privilege-escalation-cve-wave-april-2026

⚠ IssueWide OpenLive

OpenClaw Hit by New Privilege Escalation CVE Wave in Late April 2026

Multiple new CVEs disclosed in late April 2026 including CVE-2026-42429, CVE-2026-41386 (CVSS 9.1), CVE-2026-41404, and CVE-2026-41371. Gateway plugin HTTP auth widens identity-bearing operator.read requests into operator.write permissions. Trusted-proxy auth mode has incomplete scope-clearing allowing operator.admin escalation. Creator Peter Steinberger confirmed it was a privilege-escalation bug on HN.

Product Idea from this Signal

A security service that auto-patches OpenClaw CVEs within hours of disclosure before attackers exploit them

460.5k ▲

OpenClaw shipped 9 CVEs in 4 days (March 2026) including a CVSS 9.9 privilege escalation affecting 135K+ exposed instances. Most operators have no way to know which CVEs affect their version, no automated patching, and no coordination between the flood of advisories (156+ total) and their actual attack surface. This tool continuously monitors CVE feeds, maps each advisory to your installed version and enabled features, and applies safe mitigations automatically while queuing risky patches for human approval.

SECURITYCLIDEVTOOLOPEN-SOURCESYSADMIN

CompetitiveView Opportunity →