What is CVE-2026-41299?

An authorization bypass in OpenClaw's chat.send gateway where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state.

What is the CVSS score of CVE-2026-41299?

CVSS 7.1 (High) with network attack vector, low attack complexity, and high integrity impact.

Which OpenClaw versions are affected by CVE-2026-41299?

All OpenClaw versions before 2026.3.28. Upgrade to 2026.3.28 or above to patch.

How can CVE-2026-41299 be exploited?

An authenticated operator client spoofs ACP identity labels during WebSocket handshake, injecting reserved provenance fields intended only for the ACP bridge.

How to mitigate CVE-2026-41299?

Upgrade to v2026.3.28+, restrict gateway exposure through network segmentation, implement integrity checks on provenance fields.

← Back to dashboard

clawsmith.com/signal/cve-2026-41299-acp-provenance-bypass-websocket

⚠ IssueWide OpensecurityLive

CVE-2026-41299: Gateway ACP Provenance Guard Bypassed by WebSocket Client Identity Spoofing

OpenClaw before 2026.3.28 allows authenticated operator clients to spoof ACP identity labels and inject reserved provenance fields via manipulated WebSocket handshake metadata, bypassing authorization (CVSS 7.1).

Product Idea from this Signal

A security service that auto-patches OpenClaw CVEs within hours of disclosure before attackers exploit them

460.5k ▲

OpenClaw shipped 9 CVEs in 4 days (March 2026) including a CVSS 9.9 privilege escalation affecting 135K+ exposed instances. Most operators have no way to know which CVEs affect their version, no automated patching, and no coordination between the flood of advisories (156+ total) and their actual attack surface. This tool continuously monitors CVE feeds, maps each advisory to your installed version and enabled features, and applies safe mitigations automatically while queuing risky patches for human approval.

SECURITYCLIDEVTOOLOPEN-SOURCESYSADMIN

CompetitiveView Opportunity →