9 matches found
CVE-2026-53818
OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools...
CVE-2026-32051
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...
CVE-2026-32051 OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...
CVE-2026-32051 OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perfo...
OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows
Summary In authenticated non-owner DM sessions, a narrow tool-invocation path could reach broader-than-intended owner-only gateway actions. Impact This requires an authenticated non-owner sender in a DM session and a specific tool invocation path. No unauthenticated access is involved, and this...
GHSA-WPG9-4G4V-F9RC OpenClaw: Discord voice transcript owner-flag omission could expose owner-only tools in mixed-trust channels
Summary In [email protected], the Discord voice transcript path called agentCommand... without senderIsOwner, and agentCommand defaults missing senderIsOwner to true. This could allow a non-owner voice participant in the same channel to reach owner-only tool surfaces gateway, cron during voice...
OpenClaw: Discord voice transcript owner-flag omission could expose owner-only tools in mixed-trust channels
Summary In [email protected], the Discord voice transcript path called agentCommand... without senderIsOwner, and agentCommand defaults missing senderIsOwner to true. This could allow a non-owner voice participant in the same channel to reach owner-only tool surfaces gateway, cron during voice...
GHSA-JR6X-2Q95-FH2G OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools
Summary An authorization mismatch allowed authenticated callers with operator.write access to invoke owner-only tool surfaces gateway, cron through agent runs in scoped-token deployments. Impact On affected deployments, write-scoped callers could perform control-plane actions beyond intended writ...
OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools
Summary An authorization mismatch allowed authenticated callers with operator.write access to invoke owner-only tool surfaces gateway, cron through agent runs in scoped-token deployments. Impact On affected deployments, write-scoped callers could perform control-plane actions beyond intended writ...