CVE-2026-41360 — MEDIUM (6.7)

Q: How severe is CVE-2026-41360?

CVE-2026-41360 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-41360?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.

Vulnerability Description

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script contents.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openclaw	Openclaw	< 2026.4.2

Related Weaknesses (CWE)

CWE-367

References

https://github.com/openclaw/openclaw/commit/176c059b05357df1bc09d4328a2380670859Patch
https://github.com/openclaw/openclaw/security/advisories/GHSA-w6wx-jq6j-6mcjVendor Advisory
https://www.vulncheck.com/advisories/openclaw-approval-integrity-bypass-in-pnpm-Third Party Advisory

FAQ

What is CVE-2026-41360?

CVE-2026-41360 is a vulnerability with a CVSS score of 6.7 (MEDIUM). OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scrip...

How severe is CVE-2026-41360?

CVE-2026-41360 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-41360?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.