CVE-2026-41393
MEDIUM
5,9
Source: [email protected]
Attack Vector: adjacent
Attack Complexity: high
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
4,8
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
OpenClaw before 2026.3.31 contains a wide-area discovery vulnerability allowing arbitrary tailnet peers to be accepted as DNS authorities. Attackers with same-tailnet position and CA-trusted endpoint access can exfiltrate operator credentials through DNS steering manipulation.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 2 Days)
346
Origin Validation Error
DraftCommon Consequences
Security Scopes Affected:
Access Control
Other
Potential Impacts:
Gain Privileges Or Assume Identity
Varies By Context
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based
Application
Openclaw by Openclaw
Version Range Affected
To
2026.3.31
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/openclaw/openclaw/commit/a23c33a681f8c1b22dc793995acc4c5c4b5…
https://github.com/openclaw/openclaw/security/advisories/GHSA-q9w8-cf67-r238
https://www.vulncheck.com/advisories/openclaw-arbitrary-dns-authority-acceptanc…