Description
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway client, bypassing the operator.approvals permission check that protects direct RPC calls.
Published: 2026-03-05
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass that permits users with operator.write scope to approve or deny execution requests via the /approve chat command
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions earlier than 2026.2.2 contain an authorization bypass that lets a client holding only the operator.write scope resolve exec approval requests by sending the /approve chat command. The command path routes through an internal privileged gateway client to invoke exec.approval.resolve, skipping the operator.approvals permission check that protects direct RPC calls. An attacker can therefore approve or deny execution requests without the required authorization, potentially allowing arbitrary commands to be executed.
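
The following is an added illustration of the confused-deputy pattern described above; it is not OpenClaw's code and has not been checked against the project's source. Only the scope names operator.write and operator.approvals are taken from the advisory. The gateway functions (resolveApproval, rpcResolveApproval, vulnerableChatSend, hardenedChatSend), the /approve command syntax, the caller objects and the sample approval requests are all assumed. The vulnerable chat path checks only the scope needed to send chat and then executes through a privileged internal client, so the originating caller's scopes never reach the approval check; the hardened path propagates the caller into the same check the RPC path uses and writes an audit record for every decision attempt, along the lines of the logging step in the recommended actions.

```javascript
// Added example, not OpenClaw's code: a hypothetical gateway that reduces the
// advisory's bug to two paths into one approval resolver. Scope names come
// from the advisory; every other name, the command syntax and the sample
// approvals are assumed.

const approvals = new Map(); // approvalId -> { command, status }
const auditLog = [];         // one record per approval decision attempt

function resetState() {
  approvals.clear();
  auditLog.length = 0;
}

function createApproval(approvalId, command) {
  approvals.set(approvalId, { command, status: 'pending' });
}

// Scope check shared by every entry point.
function requireScope(caller, scope) {
  if (!Array.isArray(caller.scopes) || !caller.scopes.includes(scope)) {
    throw new Error(`forbidden: ${scope} required`);
  }
}

// The resolver trusts whoever reaches it, so every path into it must
// already have authorized the *originating* caller.
function resolveApproval(approvalId, decision) {
  const approval = approvals.get(approvalId);
  if (!approval) throw new Error(`unknown approval ${approvalId}`);
  if (approval.status !== 'pending') throw new Error(`approval ${approvalId} already resolved`);
  approval.status = decision;
  return approval.status;
}

// Authorize as the originating caller, resolve, and audit either outcome.
function resolveAsCaller(caller, approvalId, decision, path) {
  try {
    requireScope(caller, 'operator.approvals');
    const result = resolveApproval(approvalId, decision);
    auditLog.push({ caller: caller.id, approvalId, decision, path, outcome: 'resolved' });
    return result;
  } catch (err) {
    auditLog.push({ caller: caller.id, approvalId, decision, path, outcome: 'rejected', reason: err.message });
    throw err;
  }
}

// Direct RPC path (the advisory's exec.approval.resolve): properly protected.
function rpcResolveApproval(caller, approvalId, decision) {
  return resolveAsCaller(caller, approvalId, decision, 'rpc');
}

const APPROVE_CMD = /^\/approve\s+(\S+)\s+(allow|deny)\s*$/;

// Vulnerable chat path: only operator.write is checked (enough to send chat),
// then the command runs through a privileged internal client, so the caller's
// own scopes never reach the approval check and nothing is audited.
function vulnerableChatSend(caller, message) {
  requireScope(caller, 'operator.write');
  const m = APPROVE_CMD.exec(message);
  if (!m) return 'ignored';
  return resolveApproval(m[1], m[2]); // acts with full gateway authority
}

// Hardened chat path: the originating caller is passed through to the same
// check the RPC path enforces; the audit record distinguishes the path.
function hardenedChatSend(caller, message) {
  requireScope(caller, 'operator.write');
  const m = APPROVE_CMD.exec(message);
  if (!m) return 'ignored';
  return resolveAsCaller(caller, m[1], m[2], 'chat');
}

function approvalStatus(approvalId) {
  const a = approvals.get(approvalId);
  return a ? a.status : null;
}

// Constructed scenario: a writer-only client against both paths, then a
// properly scoped approver against the hardened path.
function runScenario() {
  resetState();
  createApproval('req-1', 'constructed command A');
  createApproval('req-2', 'constructed command B');
  const writer = { id: 'writer-only', scopes: ['operator.write'] };
  const approver = { id: 'approver', scopes: ['operator.write', 'operator.approvals'] };

  const vulnerableResult = vulnerableChatSend(writer, '/approve req-1 allow'); // 'allow'

  let hardenedWriterBlocked = false;
  try { hardenedChatSend(writer, '/approve req-2 allow'); } catch (e) { hardenedWriterBlocked = true; }

  const hardenedApproverResult = hardenedChatSend(approver, '/approve req-2 deny'); // 'deny'

  return {
    vulnerableResult,
    hardenedWriterBlocked,
    hardenedApproverResult,
    statuses: [approvalStatus('req-1'), approvalStatus('req-2')],
    audit: auditLog.map(e => `${e.path}:${e.caller}:${e.outcome}`),
  };
}

console.log(JSON.stringify(runScenario(), null, 2));
```

Running the file prints the scenario result: the writer-only client resolves req-1 through the vulnerable path, is rejected by the hardened path on req-2, and the rejection appears in the audit log alongside the approver's later decision. The design point is that authorization is checked against the caller who originated the request, never against the identity of the internal client that happens to execute it.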

Affected Systems

All OpenClaw installations running a version earlier than 2026.2.2 are vulnerable. The affected product is OpenClaw, a Node.js based chat integration platform.

Risk and Exploitability

The CVSS v4.0 score of 7.2 is rated High. The EPSS score of below 1% suggests a low probability of exploitation at present, and the issue is not listed in the CISA KEV catalog. However, the vulnerability can be leveraged by any user holding the operator.write scope, which is typically granted to privileged operators. If an attacker obtains that scope, whether through account compromise or misconfiguration, they could authorize malicious executions, leading to potential remote code execution or data tampering. The likely attack vector is the /approve chat command sent through the platform's chat interface.

Generated by OpenCVE AI on April 16, 2026 at 11:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.2 or later to apply the vendor-provided fix.
  • Restrict the operator.write scope to trusted operators only and review all access-control policies. If possible, remove operator.write privileges from users who do not require them.
  • Configure the platform to log and monitor /approve command invocations and audit approval actions for suspicious activity.

Generated by OpenCVE AI on April 16, 2026 at 11:58 UTC.

Advisories

Source: GitHub GHSA
ID: GHSA-mqpw-46fh-299h
Title: OpenClaw authorization bypass: operator.write can resolve exec approvals via chat.send -> /approve
History

Mon, 09 Mar 2026 18:15:00 +0000

Metrics (ssvc), value added:
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 17:00:00 +0000

Metrics (cvssV3_1), value removed:
{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Metrics (cvssV3_1), value added:
{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

Thu, 05 Mar 2026 22:15:00 +0000

Description, value added: OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway client, bypassing the operator.approvals permission check that protects direct RPC calls.
Title, value added: OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command
First time appeared, values added: Openclaw; Openclaw openclaw
Weaknesses, value added: CWE-863
CPEs, value added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products, values added: Openclaw; Openclaw openclaw
References: (no values listed)
Metrics (cvssV3_1), value added:
{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Metrics (cvssV4_0), value added:
{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-09T18:06:34.121Z

Reserved: 2026-02-27T19:19:39.397Z

Link: CVE-2026-28473

Vulnrichment

Updated: 2026-03-09T18:06:29.295Z

NVD

Status: Analyzed

Published: 2026-03-05T22:16:21.220

Modified: 2026-03-11T16:18:20.220

Link: CVE-2026-28473

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:00:11Z

Weaknesses