๐Ÿ” CVE Alert

CVE-2026-41339

MEDIUM 4.3

OpenClaw < 2026.4.2 - Information Disclosure via Gateway Connect Snapshot

CVSS Score: 4.3
EPSS Score: 0.0%
EPSS Percentile: 0th

OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks.
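The defect class described above is a snapshot that is serialized identically for every authenticated client, so host-only fields ride along to callers who should never see them. The following is an added illustration written for this alert, not OpenClaw's code and not the referenced fix: the snapshot shape, the role model ("admin" / "operator" / "viewer"), the function names and the sample values are assumptions made for the example; only the field names configPath and stateDir come from the advisory text. It places the leaky pattern beside a hardened variant that strips admin-only fields for non-admin callers, plus a regression check a reviewer can run against any serialized snapshot.

```typescript
// Added illustration for CVE-2026-41339 (not OpenClaw's code). Snapshot shape,
// role model and function names are assumptions; configPath/stateDir are the
// field names the advisory says were exposed.

type Role = "admin" | "operator" | "viewer"; // assumed role model

interface ConnectSnapshot {
  serverVersion: string;
  sessionId: string;
  configPath?: string; // host-specific filesystem path (per advisory)
  stateDir?: string;   // host-specific filesystem path (per advisory)
}

// Fields an authenticated but non-admin client must never receive.
const ADMIN_ONLY_FIELDS: ReadonlyArray<"configPath" | "stateDir"> = ["configPath", "stateDir"];

// Leaky pattern as described for versions before 2026.4.2: the full snapshot is
// returned regardless of the caller's role.
function buildSnapshotVulnerable(full: ConnectSnapshot, _role: Role): ConnectSnapshot {
  return { ...full };
}

// Hardened pattern: admin-only fields are removed unless the caller is admin.
// Redaction happens on a copy so the server-side record is untouched.
function buildSnapshotHardened(full: ConnectSnapshot, role: Role): ConnectSnapshot {
  if (role === "admin") return { ...full };
  const redacted: ConnectSnapshot = { ...full };
  for (const f of ADMIN_ONLY_FIELDS) delete redacted[f];
  return redacted;
}

// Regression check: true if a snapshot still carries any admin-only field.
function leaksHostMetadata(snapshot: ConnectSnapshot): boolean {
  return ADMIN_ONLY_FIELDS.some((f) => snapshot[f] !== undefined);
}

// Constructed sample snapshot (fictional values, not real deployment data).
const SAMPLE: ConnectSnapshot = {
  serverVersion: "2026.4.1",
  sessionId: "sess-0001",
  configPath: "/home/deploy/.openclaw/openclaw.json",
  stateDir: "/home/deploy/.openclaw",
};

// Stand-alone demonstration of the two behaviours.
console.log("vulnerable, viewer leaks:", leaksHostMetadata(buildSnapshotVulnerable(SAMPLE, "viewer")));
console.log("hardened,   viewer leaks:", leaksHostMetadata(buildSnapshotHardened(SAMPLE, "viewer")));
console.log("hardened,   admin  leaks:", leaksHostMetadata(buildSnapshotHardened(SAMPLE, "admin")));
```

The point of the allow-list approach is that the set of admin-only fields lives in one place, so a future field added to the snapshot is reviewed against that list rather than silently inheriting the broadest audience. Running `leaksHostMetadata` over the non-admin serialization as a unit test is the cheap way to keep this class of regression out once a fix is deployed.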

CWE: CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere)
Vendor: openclaw
Product: openclaw
Published: Apr 23, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Affected Versions

OpenClaw / OpenClaw: all versions earlier than 2026.4.2

References

NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41339
CVE.org: https://www.cve.org/CVERecord?id=CVE-2026-41339
EPSS Data
github.com: https://github.com/openclaw/openclaw/security/advisories/GHSA-2f7j-rp58-mr42
github.com: https://github.com/openclaw/openclaw/commit/676b748056b5efca6f1255708e9dd9469edf5e2e
vulncheck.com: https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-gateway-connect-snapshot

Credits

๐Ÿ” wang dong (@topsec-bunney)