CVE-2026-41386
OpenClaw · OpenClaw
Bootstrap setup codes are not role-bound during first-use pairing.
✓ rule: openclaw-unbound-bootstrap-setup-code
audr.dev · live: CVE-2026-41386 published 2d ago
audr is an offline, single-binary scanner for AI agent configs — Claude Code, Cursor, Codex CLI, Windsurf, MCP servers. Run it on a laptop, get an HTML report. CISO-shaped, dev-deployable.
curl -fsSL https://audr.dev/install.sh | sh
in-browser scan · no install · paste anything
Your config never leaves your browser. View source: github.com/harshmaur/audr-web. WASM blob SHA-256: f1ef9e068130…
recent advisories · audr v0.3.1 detects every one
CVE-2026-41386
OpenClaw · OpenClaw
Bootstrap setup codes are not role-bound during first-use pairing.
✓ rule: openclaw-unbound-bootstrap-setup-code
CVE-2026-41349
OpenClaw · OpenClaw
config.patch can silently disable execution approval.
✓ rule: openclaw-config-patch-consent-bypass
CVE-2025-59536
Anthropic · Claude Code
Settings hooks execute arbitrary shell on PreToolUse / Stop events.
✓ rule: claude-hook-shell-rce
CVE-2026-25253
OpenClaw · OpenClaw
MCP credentials stored plaintext in user-readable config.
✓ rule: mcp-plaintext-api-key
CVE-2026-39861
Anthropic · Claude Code
Symlink in workspace allows sandbox escape on read.
✓ rule: claude-skip-permission-prompt
what a real scan looks like
audr emits an HTML report you can forward up the chain. Each finding has a one-line attacker-gets, a file:line citation, and lands on the Attack Chain it belongs to.
200
laptops scanned
14
critical findings
5
attack chains
4.2s
scan time