Ghostwire
Home / Vulnerabilities / CVE-2026-41360

CVE-2026-41360: OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script...

MEDIUM CVSS 5.5

Published: April 23, 2026 | Last Modified: April 23, 2026

Description

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script contents.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

CVE Feed
CVE-2026-41360 - OpenClaw < 2026.4.2 - Approval Integrity Bypass in pnpm dlx Local Script Binding
 Tenable CVEs
CVE-2026-41360

References