CVE-2026-32976 OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

CVE-2026-32976

OpenClaw is affected by an authorization bypass in versions before 2026.3.11. An attacker with authorized access on one account can issue channel commands (e.g., /config set channels..accounts.) to mutate protected sibling-account configurations despite configWrites: false. Impact is the modifica...

GHSA-8JHH-JCQG-MJ5P OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions

Summary In affected versions of openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration...

OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions

Summary In affected versions of openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration...

GHSA-HFPR-JHPQ-X4RM OpenClaw: `operator.write` chat.send could reach admin-only config writes

Summary A gateway client authenticated with operator.write could route /config set or /config unset through chat.send and reach persistent config mutation even though direct config RPC methods are admin-scoped. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable...

Hostmaster (Aegir) - Moderately critical - Access bypass, Arbitrary code execution - SA-CONTRIB-2020-031

Aegir is a powerful hosting system that sits alongside a LAMP or LEMP server to create, deploy and manage Drupal sites. Given that Aegir can use both Apache and Nginx Web servers, Apache allows configuration-writing users to escalate their privileges to the superuser root, and Aegir's operations...

Code execution vulnerability in hao6cms v2.0 config_edit.asp file

hao6cms is an enterprise website management system. A code execution vulnerability exists in the hao6cms v2.0 configedit.asp file. The vulnerability is due to the parameters failed to filter the direct splicing written to the configuration file, an attacker can exploit the vulnerability to obtain...