Description
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped clients to mutate channel authorization policy. Attackers can exploit chat.send to build an internal command-authorized context and persist channel allowFrom and groupAllowFrom policy changes reserved for operator.admin scope.
Published: 2026-04-10
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability inconsistently enforces gateway client scopes for the /allowlist command, allowing any client with operator.write scope to modify authorization policies through the chat.send command. This flaw enables attackers to persist changes to allowFrom and groupAllowFrom settings that are normally restricted to operator.admin, effectively elevating their privileges within the system.

Affected Systems

OpenClaw software versions earlier than 2026.3.24 are affected. The product runs on a Node.js environment and is identified in the CVE as missing authorization checks (CWE-862).

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity. No EPSS data is available, but the requirement for an authenticated operator.write client and the ability to modify persistent channel policies suggest a nontrivial exploitation risk. The vulnerability is currently not listed in the CISA KEV catalog, yet administrators should treat it with priority and apply the recommended patch to mitigate potential privilege escalation.

Generated by OpenCVE AI on April 10, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the OpenClaw update to version 2026.3.24 or later.
  • Limit or revoke operator.write scope from clients until the update is applied.
  • Verify existing channel authorization policies to detect any unauthorized allowlist changes that may have been persisted.
  • Continuously monitor audit logs for unexpected policy modifications.

Generated by OpenCVE AI on April 10, 2026 at 17:26 UTC.
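The flaw class described in the Impact section (an internal, command-authorized context that skips scope re-validation) and the audit step in the recommended actions, shown in one added example. This is a hypothetical model written for this page, not OpenClaw's code; every function name, the `/allowlist add <channel> <sender>` syntax and the policy shape are assumptions.

```javascript
// Added, hypothetical model of the CWE-862 pattern in this advisory; not OpenClaw's code.
const ADMIN_COMMANDS = new Set(['/allowlist']);

// Parses "/allowlist add <channel> <sender>" (a constructed syntax) into a policy change.
function parseAllowlistArgs(args) {
  const [action, channel, sender] = args;
  if (action !== 'add' || !channel || !sender) throw new Error('bad args');
  return { channel, sender };
}

// Persists an allowFrom entry into a channel policy object.
function persistAllowFrom(policy, { channel, sender }) {
  const current = policy.allowFrom[channel] || [];
  return { ...policy, allowFrom: { ...policy.allowFrom, [channel]: [...current, sender] } };
}

// Vulnerable handler: trusts ctx.internal and skips the admin-scope check for internal callers.
function handleAllowlistVulnerable(ctx, policy, change) {
  if (!ctx.internal && !ctx.scopes.includes('operator.admin')) throw new Error('forbidden');
  return persistAllowFrom(policy, change);
}

// Hardened handler: re-validates the originating client's scopes on every call.
function handleAllowlistHardened(ctx, policy, change) {
  if (!ctx.origin.scopes.includes('operator.admin')) throw new Error('forbidden');
  return persistAllowFrom(policy, change);
}

// chat.send-style entry point: builds an internal, command-authorized context for the
// calling client and routes slash commands to the handler.
function chatSend(client, text, policy, handler) {
  const [command, ...args] = text.trim().split(/\s+/);
  if (!ADMIN_COMMANDS.has(command)) return policy; // ordinary message, no policy change
  const ctx = { internal: true, scopes: client.scopes, origin: client };
  return handler(ctx, policy, parseAllowlistArgs(args));
}

// Audit helper for the recommended policy check: allowFrom entries present now but
// absent from a known-good snapshot.
function unexpectedAllowFrom(snapshot, current) {
  const added = [];
  for (const [channel, senders] of Object.entries(current.allowFrom)) {
    const known = new Set(snapshot.allowFrom[channel] || []);
    for (const s of senders) if (!known.has(s)) added.push(`${channel}:${s}`);
  }
  return added;
}

// Constructed sample: a client holding only operator.write and a baseline policy.
const writeClient = { id: 'client-1', scopes: ['operator.write'] };
const basePolicy = { allowFrom: { general: ['alice'] }, groupAllowFrom: {} };
```

Running `chatSend` with the vulnerable handler lets the operator.write client persist a new allowFrom entry, which `unexpectedAllowFrom` then surfaces against the snapshot; the hardened handler rejects the same call.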

Advisories
Source: GitHub GHSA
ID: GHSA-94pw-c6m8-p9p9
Title: OpenClaw: Gateway operator.write Can Reach Admin-Class Channel Allowlist Persistence via chat.send
History

Fri, 10 Apr 2026 19:15:00 +0000

Values added:
Metrics: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 16:30:00 +0000

Values added:
Description: (the description shown at the top of this page)
Title: OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence
First Time appeared: Openclaw (openclaw)
Weaknesses: CWE-862
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw (openclaw)
References:
Metrics: cvssV3_1
{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
Metrics: cvssV4_0
{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-10T18:21:15.828Z

Reserved: 2026-04-04T12:28:49.756Z

Link: CVE-2026-35621

Vulnrichment

Updated: 2026-04-10T18:21:12.273Z

NVD

Status : Analyzed

Published: 2026-04-10T17:17:04.520

Modified: 2026-04-13T20:14:25.677

Link: CVE-2026-35621

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T13:01:00Z

Weaknesses