Description
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization.
Published: 2026-05-29
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw prior to 2026.5.18 contains an authorization bypass flaw in the QQBot native approval buttons. The software fails to check that the user clicking the button is an authorized approver, allowing any authenticated user to resolve pending execution or plugin approval requests. This weakness can lead to unauthorized changes being made to system processes or plugins, compromising integrity and potentially enabling further exploitation of the administrative interface.

Affected Systems

The affected product is OpenClaw, specifically the OpenClaw application that hosts the QQBot module. No explicit affected version range is provided beyond the statement that versions before 2026.5.18 are vulnerable, so users should verify that they are running 2026.5.18 or later.

Risk and Exploitability

The CVSS score of 7.5 indicates a high-severity vulnerability. Because EPSS is not available and the issue is not listed in the CISA KEV catalog, the current probability of exploitation is uncertain, but the flaw is theoretically exploitable by any authenticated user who can access the QQBot interface. The attack surface is likely web-based, requiring the attacker to log into the interface and click the approval button.

Generated by OpenCVE AI on May 29, 2026 at 17:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.5.18 or later to apply the vendor fix that enforces approver identity on QQBot native approval buttons
  • Verify that QQBot’s configuration requires the approver’s identity before processing approval actions
  • If a patch cannot be applied immediately, restrict access to the approval UI to only trusted users and monitor logs for unauthorized approval attempts


Advisories

No advisories yet.

History

Fri, 29 May 2026 16:15:00 +0000

Type               | Values Removed | Values Added
Description        | -              | OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization.
Title              | -              | OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons
First Time appeared| -              | Openclaw; Openclaw openclaw
Weaknesses         | -              | CWE-862
CPEs               | -              | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | -              | Openclaw; Openclaw openclaw
References         | -              | -
Metrics            | -              | cvssV3_1: {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 7.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-29T15:15:32.545Z

Reserved: 2026-04-04T12:29:42.738Z

Link: CVE-2026-35630

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-29T16:16:26.097

Modified: 2026-05-29T16:29:34.540

Link: CVE-2026-35630

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T17:45:04Z

Weaknesses