VulnWatch
High nvd · CVE-2026-41349

CVE-2026-41349: OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execu

Published Apr 23, 2026 CVSS 8.7

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability that allows LLM agents to silently disable execution approval via the config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent.

Affected AI Products

llm agent agentic llm