Report: CVE-2026-41295 - OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during B

CVE ID: CVE-2026-41295
Published: April 20, 2026, 11:08 p.m.

Description: OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code execution before the plugin is explicitly trusted.

Severity: 8.5 | HIGH

CVE Details

Severity: HIGH
Published: April 20, 2026
Impact: code execution