CVE-2026-41388
OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart the application to rehydrate revoked Tlon configuration from file state, bypassing intended revocation controls.
More information: https://github.com/openclaw/openclaw/commit/a4d72a83f01fedd35964c352e3473c7712a3511b
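
The empty-array-versus-missing confusion described above, modeled as an added example that is not OpenClaw's own code: a flawed startup migration beside a hardened one, plus a regression check that flags settings rehydrated across a restart. The `tlon.allowlist` field, the function names and the sample data are assumptions made for illustration.

```javascript
// Hypothetical model of the bug class. Field names and data shapes are
// assumptions for illustration, not OpenClaw's actual code.

// Constructed sample: file state left over from before the revocation.
const legacyFileState = { tlon: { allowlist: ["~sampel-palnet"] } };

function withAllowlist(config, allowlist) {
  return { ...config, tlon: { ...config.tlon, allowlist: [...allowlist] } };
}

// Flawed pattern: [] is handled like "never set", so a list that was
// emptied on purpose is refilled from file state on every startup.
function migrateFlawed(config, fileState) {
  const current = config.tlon?.allowlist;
  if (!current || current.length === 0) {
    return withAllowlist(config, fileState.tlon.allowlist);
  }
  return config;
}

// Hardened pattern: only an absent key triggers migration. An explicit []
// is an operator decision (revocation) and survives the restart.
function migrateHardened(config, fileState) {
  if (config.tlon?.allowlist === undefined) {
    return withAllowlist(config, fileState.tlon.allowlist);
  }
  return config;
}

// Regression check: list the array settings that were explicitly empty
// before startup and came back non-empty afterwards.
function rehydratedKeys(before, after) {
  return Object.keys(before.tlon ?? {}).filter((key) => {
    const was = before.tlon[key];
    const now = after.tlon?.[key];
    return Array.isArray(was) && was.length === 0 &&
           Array.isArray(now) && now.length > 0;
  });
}

// Constructed input: the operator has revoked every entry.
const revoked = { tlon: { allowlist: [] } };
console.log("flawed:", rehydratedKeys(revoked, migrateFlawed(revoked, legacyFileState)));
console.log("hardened:", rehydratedKeys(revoked, migrateHardened(revoked, legacyFileState)));
```

Running a check like `rehydratedKeys` against configuration snapshots taken before and after a restart turns the revocation guarantee into a test that fails if the migration regresses.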
