Description
OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce operator.admin scope. Attackers with operator.write scope can invoke /send on|off|inherit to persistently mutate the current session's sendPolicy, and execute /allowlist add commands to modify config-backed allowFrom entries and pairing-store allowlist entries without proper admin authorization.
Published: 2026-04-10
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized configuration modification via missing authorization in chat commands
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in OpenClaw allows users with operator.write scope to change the session's sendPolicy and modify allowlist entries without the required operator.admin authority. By calling the /send command with on|off|inherit, a non-owner sender can persistently alter the delivery policy that is normally reserved for owners, and by invoking /allowlist add they can add config-backed allowFrom entries and pairing-store allowlist entries. These changes compromise the integrity of the chat system's access controls and can lead to unintended message routing, service disruption, or exposure of restricted content.
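The following is an added illustration, not OpenClaw's code: a minimal chat-command dispatcher modelling the CWE-862 pattern the advisory describes, with the vulnerable authorization shape beside the hardened one. The scope names operator.write and operator.admin, the owner-only nature of /send, and the /send on|off|inherit and /allowlist add commands are taken from the advisory; the state layout, sender object shape, function names and the sample sender identities are assumptions made for this example.

```javascript
// Added example (not OpenClaw's code). Sender objects, state layout and
// function names are assumptions; scope and command names follow the advisory.

function makeState() {
  return {
    session: { sendPolicy: "inherit" },            // per-session delivery policy
    allowFrom: new Set(["owner@example.test"]),     // config-backed allowlist (constructed)
    pairingAllowlist: new Set(),                    // pairing-store allowlist (constructed)
  };
}

function hasScope(sender, scope) {
  return sender.scopes.includes(scope);
}

// Shared command semantics; only the authorization in front of it differs.
function applyCommand(state, line) {
  const [cmd, sub, arg] = line.trim().split(/\s+/);
  if (cmd === "/send") {
    if (!["on", "off", "inherit"].includes(sub)) return { ok: false, reason: "bad /send mode" };
    state.session.sendPolicy = sub;                // persists for the session
    return { ok: true };
  }
  if (cmd === "/allowlist") {
    if (sub === "list") return { ok: true, entries: [...state.allowFrom, ...state.pairingAllowlist] };
    if (sub === "add" && arg) { state.allowFrom.add(arg); return { ok: true }; }
    return { ok: false, reason: "bad /allowlist usage" };
  }
  return { ok: false, reason: "unknown command" };
}

// Vulnerable shape: every mutating command is gated on operator.write only,
// so any command-authorized sender can change owner-only or admin-only state.
function dispatchVulnerable(state, sender, line) {
  if (!hasScope(sender, "operator.write")) return { ok: false, reason: "needs operator.write" };
  return applyCommand(state, line);
}

// Hardened shape: the command-level write scope is still required, but /send
// additionally requires the session owner and /allowlist mutations require
// operator.admin. Read-only /allowlist list stays available to writers.
function dispatchHardened(state, sender, line) {
  if (!hasScope(sender, "operator.write")) return { ok: false, reason: "needs operator.write" };
  const [cmd, sub] = line.trim().split(/\s+/);
  if (cmd === "/send" && !sender.isOwner) {
    return { ok: false, reason: "/send is owner-only" };
  }
  if (cmd === "/allowlist" && sub !== "list" && !hasScope(sender, "operator.admin")) {
    return { ok: false, reason: "/allowlist mutations need operator.admin" };
  }
  return applyCommand(state, line);
}

// Demonstration: a non-owner sender holding only operator.write (constructed).
function demo() {
  const writer = { id: "helper@example.test", scopes: ["operator.write"], isOwner: false };
  const vuln = makeState();
  const fixed = makeState();
  const before = {
    send: dispatchVulnerable(vuln, writer, "/send off").ok,
    allow: dispatchVulnerable(vuln, writer, "/allowlist add unreviewed@example.test").ok,
  };
  const after = {
    send: dispatchHardened(fixed, writer, "/send off").ok,
    allow: dispatchHardened(fixed, writer, "/allowlist add unreviewed@example.test").ok,
  };
  return {
    before,
    after,
    vulnPolicy: vuln.session.sendPolicy,     // "off": policy was mutated
    fixedPolicy: fixed.session.sendPolicy,   // "inherit": unchanged
  };
}

console.log(JSON.stringify(demo()));
```

The point of the hardened dispatcher is that "command-authorized" (operator.write) is a weaker property than "owner" or "operator.admin"; each mutating command must check the specific authority its effect requires, not just that the sender may issue commands at all.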

Affected Systems

OpenClaw implementations running any version before 2026.3.24 are affected. The issue exists in the OpenClaw server component that processes /send and /allowlist chat commands on Node.js based deployments.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS estimate below 1% gives little indication that the vulnerability is being exploited in the wild. Because the attack path is chat command usage by a sender holding operator.write scope, an attacker must already have some level of write access to the system. The vulnerability is not listed in the CISA KEV catalog, but the ability to change fundamental configuration settings is a serious operational risk for deployments that rely on strict access control for sendPolicy and allowlist entries.

Generated by OpenCVE AI on April 10, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.24 or later, which includes the authorization fixes for /send and /allowlist commands
  • If an upgrade is not immediately possible, restrict the operator.write scope to trusted accounts only to mitigate the risk of unauthorized configuration changes
  • Validate that sendPolicy and allowlist settings remain at their expected defaults, and review chat command logs for unexpected /send or /allowlist invocations


Advisories
Source | ID | Title
GitHub GHSA | GHSA-39mp-545q-w789 | OpenClaw: Non-owner command-authorized sender can change the owner-only `/send` session delivery policy
History

Mon, 13 Apr 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce operator.admin scope. Attackers with operator.write scope can invoke /send on|off|inherit to persistently mutate the current session's sendPolicy, and execute /allowlist add commands to modify config-backed allowFrom entries and pairing-store allowlist entries without proper admin authorization.
Title | | OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-862
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}; cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-13T15:37:24.593Z

Reserved: 2026-04-04T12:28:49.756Z

Link: CVE-2026-35620

Vulnrichment

Updated: 2026-04-10T20:16:02.891Z

NVD

Status: Analyzed

Published: 2026-04-10T17:17:04.320

Modified: 2026-04-13T20:27:09.027

Link: CVE-2026-35620

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T13:01:02Z

Weaknesses