Description
OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.
Published: 2026-03-19
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass (Unauthorized Actions)
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the Synology Chat plugin. The bug arises when dmPolicy is set to allowlist but the allowedUserIds list is empty: instead of denying every sender, the check fails open and admits all of them. Attackers who possess Synology sender privileges can exploit this flaw to trigger unauthorized agent dispatch and downstream tool actions. The flaw is classified as CWE-863 (Incorrect Authorization).

Affected Systems

The affected vendor is OpenClaw, product OpenClaw. The vulnerability was present in versions 2026.2.22 and 2026.2.23 and has been fixed in 2026.2.24; the affected CPE is cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*.

Risk and Exploitability

The CVSS base score is 8.3 (High). No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires legitimate Synology sender access and no additional user interaction; a sender who reaches the plugin can circumvent the allowlist check and execute privileged actions within OpenClaw. The attack vector is remote (CVSS AV:N) and depends on a specific configuration, dmPolicy set to allowlist with an empty allowedUserIds list, which can be checked directly and remedied by updating the software or populating the allowlist.

Generated by OpenCVE AI on March 19, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.24 or later, which resolves the empty allowedUserIds enforcement issue.
  • Verify that the dmPolicy configuration is not set to allowlist with an empty allowedUserIds list.
  • Restrict Synology sender permissions to trusted users only until the patch is applied.
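As an added illustration (not OpenClaw's code), the fail-open allowlist pattern the advisory describes beside a fail-closed version, plus a check for the configuration the recommended actions ask you to verify. The field names dmPolicy and allowedUserIds come from the advisory; the config shape, the 'open' policy value and all function names are assumptions.

```javascript
// Added illustration, not OpenClaw's code. Field names dmPolicy/allowedUserIds
// come from the advisory; the 'open' policy value, the config shape and the
// function names are assumptions.

// Vulnerable pattern: an empty allowlist is treated as "no restriction".
// With dmPolicy=allowlist and allowedUserIds=[] every sender is admitted.
function isSenderAllowedFailOpen(config, senderId) {
  if (config.dmPolicy !== 'allowlist') return true;
  const ids = config.allowedUserIds || [];
  if (ids.length === 0) return true; // BUG: fails open
  return ids.includes(String(senderId));
}

// Fail-closed version: an allowlist with nobody on it admits nobody, and an
// unrecognised policy value denies rather than defaulting to allow.
function isSenderAllowed(config, senderId) {
  if (config.dmPolicy === 'open') return true; // assumed explicit opt-out
  if (config.dmPolicy !== 'allowlist') return false;
  const ids = Array.isArray(config.allowedUserIds)
    ? config.allowedUserIds.map(String)
    : [];
  return ids.length > 0 && ids.includes(String(senderId));
}

// Configuration lint for the verification step in the recommended actions:
// flags the allowlist-with-empty-list combination that fails open on the
// affected versions.
function auditDmPolicy(config) {
  const findings = [];
  const ids = config.allowedUserIds;
  if (config.dmPolicy === 'allowlist' && (!Array.isArray(ids) || ids.length === 0)) {
    findings.push('dmPolicy=allowlist with empty allowedUserIds: fails open on ' +
      'OpenClaw 2026.2.22/2026.2.23; populate the list or upgrade to 2026.2.24');
  }
  return findings;
}

// Constructed sample configurations (not taken from any real deployment).
const emptyAllowlist = { dmPolicy: 'allowlist', allowedUserIds: [] };
const populatedAllowlist = { dmPolicy: 'allowlist', allowedUserIds: ['1001'] };

console.log(isSenderAllowedFailOpen(emptyAllowlist, '9999')); // true: the bug
console.log(isSenderAllowed(emptyAllowlist, '9999'));         // false
console.log(auditDmPolicy(emptyAllowlist));                   // one finding
```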

Advisories
Source: GitHub GHSA
ID: GHSA-gw85-xp4q-5gp9
Title: OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch
History

Wed, 25 Mar 2026 15:00:00 +0000

Type: Metrics (cvssV3_1)
Values Removed: {'score': 7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L'}
Values Added: {'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L'}


Thu, 19 Mar 2026 16:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 01:30:00 +0000

Type: Description
Values Added: OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.

Type: Title
Values Added: OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds

Type: First Time appeared
Values Added: Openclaw (vendor); Openclaw openclaw (product)

Type: Weaknesses
Values Added: CWE-863

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw (vendor); Openclaw openclaw (product)

Type: References

Type: Metrics (cvssV3_1)
Values Added: {'score': 7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L'}

Type: Metrics (cvssV4_0)
Values Added: {'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:31:46.250Z

Reserved: 2026-03-10T19:48:13.663Z

Link: CVE-2026-31998

Vulnrichment

Updated: 2026-03-19T15:34:11.221Z

NVD

Status: Modified

Published: 2026-03-19T02:16:05.347

Modified: 2026-03-25T15:16:43.270

Link: CVE-2026-31998

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:55:33Z

Weaknesses