Description
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perform control-plane actions beyond their intended authorization level by exploiting inconsistent owner-only gating during agent execution.
Published: 2026-03-21
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Authorization Bypass
Action: Immediate Patch
AI Analysis

Impact

A vulnerability in OpenClaw before version 2026.3.1 allows an authenticated caller with operator.write permissions to execute owner-only tool surfaces (gateway and cron) through agent runs in deployments that use scoped tokens. The flaw results from an authorization mismatch during agent execution, enabling attackers to perform control-plane actions beyond their intended scope. The vulnerability is classified as CWE-863, a mismatch between the authorization granted and the privilege the action requires.

Affected Systems

The affected vendor is OpenClaw, for its OpenClaw product. All releases older than 2026.3.1 running on a Node.js environment are susceptible to this issue.

Risk and Exploitability

The flaw carries a CVSS score of 8.7, indicating high severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Attackers must first authenticate and possess operator.write scope; they can then trigger the exploit by initiating an agent run, through which they reach owner-only tools they are not authorized to use. Once triggered, the attacker gains unauthorized control-plane capabilities that could affect the confidentiality, integrity, and availability of the affected system.

Generated by OpenCVE AI on March 21, 2026 at 06:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.1 or later.
  • If an upgrade is temporarily infeasible, limit users to the minimal privilege set and remove operator.write permissions where possible.
  • Review and restrict agent run configurations to prevent execution of owner‑only tools by non‑owner entities.

Generated by OpenCVE AI on March 21, 2026 at 06:57 UTC.


Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 21 Mar 2026 05:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perform control-plane actions beyond their intended authorization level by exploiting inconsistent owner-only gating during agent execution.
Title | | OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-863
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:56:06.400Z

Reserved: 2026-03-10T19:48:47.515Z

Link: CVE-2026-32051

Vulnrichment

Updated: 2026-03-23T16:47:00.227Z

NVD

Status : Analyzed

Published: 2026-03-21T01:17:08.087

Modified: 2026-03-23T17:08:11.987

Link: CVE-2026-32051

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:33:23Z

Weaknesses