Lucene search
K

4 matches found

OSV
OSV
added 2026/04/09 9:27 p.m.3 views

CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...

7.1CVSS6AI score0.00225EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/26 9:24 p.m.4 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of the operator.admin scope in mutating internal ACP chat commands. An attacker can perform unauthorized mutating control-plane actions by...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 9:24 p.m.5 views

GHSA-3W6X-GV34-MQPF OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement

Summary Mutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 9:24 p.m.7 views

OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement

Summary Mutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

5.8AI score
Exploits0References3Affected Software1
Rows per page
Query Builder