CVE-2026-41355 MEDIUM

CVE-2026-41355: OpenClaw < 2026.3.28 - Arbitrary Code Execution via Mirror Mode Sandbox File Conversion

Vendor Openclaw
Product OpenClaw
Weakness CWE-829 · Inclusion from untrusted sphere
Published April 23, 2026
Last update May 12, 2026

CVSS base score

5.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Passive
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute arbitrary code on the host during gateway startup by exploiting enabled workspace hooks.

Key dates

Disclosure timeline

April 23, 2026 CVE published
May 12, 2026 Record updated