CVE-2026-41392

Description

## Summary Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as `--rcfile`, `--init-file`, and `--startup-file` could therefore inherit allowlist trust from a matched script path even though the shell loaded attacker-chosen initialization first. ## Impact This issue only applied when exec allowlist or allow-always behavior was enabled and the attacker could steer a shell-wrapper command shape that used init-file options. The result was a narrower allowlist bypass, not generic arbitrary command execution from an untrusted boundary. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `< 2026.3.31` - Patched versions: `>= 2026.3.31` - Latest published npm version: `2026.4.1` ## Fix Commit(s) - `0c8375424620e12777ef24c162eedc7e9fcfd7e3` — reject shell init-file script matches ## Release Process Note The fix shipped in OpenClaw `2026.3.31` on March 31, 2026. The current published npm release `2026.4.1` from April 1, 2026 also contains the fix. Thanks @cyjhhh for reporting.

How to fix CVE-2026-41392

To remediate CVE-2026-41392, upgrade the affected package to a fixed version below.

—upgrade to 2026.3.31 or later

Is CVE-2026-41392 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2026.3.31

CVSS scores

Source

osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H