3 matches found
GHSA-3W6X-GV34-MQPF OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement
Summary Mutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement
Summary Mutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of the operator.admin scope in mutating internal ACP chat commands. An attacker can perform unauthorized mutating control-plane actions by...