CVE-2026-44998

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

CVE-2026-44998 OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

CVE-2026-44998

OpenClaw prior to version 2026.4.20 contains a tool policy bypass vulnerability in which bundled MCP and LSP tools can be appended to the effective tool set after policy filtering. This allows attackers with local agent access to bypass profile policies, allow/deny lists, owner-only restrictions,...

CVE-2026-44998 OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

PT-2026-39687

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

CVE-2026-43583

OpenClaw 2026.4.10 before 2026.4.14 fails to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery. Affected ver...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the policy enforcement process. An attacker can gain unauthorized access to restricted tools by leveraging bundled MCP or LSP tools that bypass configured tool...

GHSA-QRP5-GFW2-GXV4 OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Bundled MCP and LSP tools could be appended to the agent's effective tool set after the normal tool-policy pipeline had already filtered core tools. If an operator configured a...

NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy

NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

GHSA-2HM8-RQRM-XFJQ OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows

Summary In authenticated non-owner DM sessions, a narrow tool-invocation path could reach broader-than-intended owner-only gateway actions. Impact This requires an authenticated non-owner sender in a DM session and a specific tool invocation path. No unauthenticated access is involved, and this...