Impact
OpenClaw versions prior to 2026.4.29 contain a policy bypass flaw in the QQBot admin command module. The vulnerability allows an authenticated sender to bypass the DM‑only and allowFrom policy checks that normally restrict when and from whom administrative commands can be issued. As a result, an attacker who has legitimate access to the system can route privileged commands from unauthorized contexts and execute behaviors that the policy should otherwise block, compromising the integrity of the bot.
Affected Systems
The affected product is OpenClaw's QQBot component, distributed under the OpenClaw brand. All installations running a release older than 2026.4.29 are susceptible to the bypass, including 2026.4.28 and every earlier release. No specific sub‑module or configuration is known to mitigate this issue, so all standard OpenClaw deployments are listed as impacted.
Risk and Exploitability
With a CVSS score of 2.3, the vulnerability is considered low severity. The EPSS score is not available and the issue is not listed in the CISA KEV catalog, indicating that widespread exploitation is not currently reported. However, exploitation requires only an authenticated sender who can craft a message that the bot parses as an admin command, so the attack path is straightforward for anyone with access to the bot. Such a sender could execute privileged commands that the policy should not allow, potentially altering bot configuration, permissions, or data handling.
OpenCVE Enrichment