How serious is CVE-2026-41359?

CVSS 7.1 High. Attackers with any operator.write credential can reach admin-class settings and establish persistence through cron modification.

How do I fix CVE-2026-41359?

Upgrade OpenClaw to version 2026.3.28 or later.

Who is affected by CVE-2026-41359?

Deployments exposing OpenClaw to networks with multiple staff or service accounts using operator.write roles are at highest risk.

What is CVE-2026-41359?

A privilege escalation in OpenClaw before 2026.3.28 that allows operators with write permissions to access admin Telegram configuration and modify cron persistence via the send endpoint.

← Back to dashboard

clawsmith.com/signal/cve-2026-41359-privilege-escalation-telegram-cron

⚠ IssueWide OpenLive

CVE-2026-41359: Privilege escalation via Telegram cron persistence in OpenClaw

OpenClaw before 2026.3.28 allows authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. CVSS 7.1.

Product Idea from this Signal

A CI/CD security gate that blocks OpenClaw deployments failing CVE, config, and network exposure checks

892 ▲

OpenClaw has accumulated 138+ CVEs in under 3 months, with 220,000+ instances exposed to the internet and 63% running without authentication. Kaspersky declared it unsafe for use. Existing tools (SecureClaw, Carapace, ClawSec) run audits after deployment, but nothing blocks a bad deployment from going live. This is a pre-deploy security gate that integrates into CI/CD pipelines, runs automated CVE version checks, config hardening validation, and network exposure scans, and fails the deploy if the instance doesn't meet a configurable security baseline.

CLICI-CDSECURITYDEVOPSOPEN-SOURCE

CompetitiveView Opportunity →