A vulnerability was found in OpenClaw up to 2026.4.7 and classified as critical . Affected by this issue is the function node.invoke . The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-42431 . The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.