Is openclaw affected by CVE-2026-41383?

npm openclaw is affected in <2026.4.2.

Is CVE-2026-41383 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

medium

CVE-2026-41383

Q: Is CVE-2026-41383 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

npm · openclaw

Summary

OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped

Severity: medium
EPSS: 0.4% (p29)
Also known as: GHSA-m34q-h93w-vg5x
Published: 2026-04-07

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-m34q-h93w-vg5x
https://github.com/openclaw/openclaw/commit/b21c9840c2e38f4bb338d031511b479d5f07ca25
https://github.com/openclaw/openclaw

Related advisories

CVE-2026-44109 — critical · npm/openclaw
CVE-2026-43585 — critical · npm/openclaw
CVE-2026-41296 — critical · npm/openclaw
CVE-2026-41329 — critical · npm/openclaw
CVE-2026-41294 — critical · npm/openclaw
CVE-2026-53865 — high · npm/openclaw
CVE-2026-53858 — high · npm/openclaw
CVE-2026-53849 — high · npm/openclaw

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.