Description
OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates.
Published: 2026-04-09
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Authorization bypass / Privilege escalation
Action: Apply patch
AI Analysis

Impact

OpenClaw before version 2026.3.22 fails to enforce the operator.admin scope on mutating internal ACP chat commands, allowing users without administrative rights to execute control‑plane modifications. This missing authorization check corresponds to CWE‑862. The resulting ability to change system state without proper privileges can lead to unauthorized configuration changes, service disruptions, or further exploitation within the application.

Affected Systems

The vulnerability affects the OpenClaw product distributed as OpenClaw:OpenClaw versions earlier than 2026.3.22, operating on a Node.js environment. No other vendors or product variants are listed in the CNA data.

Risk and Exploitability

The CVSS base score of 7.1 indicates a moderate‑to‑high severity of this flaw. EPSS information is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not known to be actively exploited. Attackers must be able to invoke the affected ACP chat commands, which can be done by any user who has access to the internal chat interface—this is inferred from the advisory description. Once such access is available, the lack of scope enforcement allows immediate privilege escalation, making exploitation straightforward. The overall risk remains significant until the patch is applied.

Generated by OpenCVE AI on April 9, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.22 or later
  • If an immediate upgrade is not possible, restrict access to ACP chat commands so that only users with the operator.admin scope can use them
  • Monitor system logs for unexpected ACP command usage until the defender is fully patched

Generated by OpenCVE AI on April 9, 2026 at 22:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates.
Title OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-862
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-10T17:14:31.600Z

Reserved: 2026-04-04T12:29:42.738Z

Link: CVE-2026-35631

cve-icon Vulnrichment

Updated: 2026-04-10T17:14:25.943Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T22:16:31.790

Modified: 2026-04-15T17:21:40.993

Link: CVE-2026-35631

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:28:31Z

Weaknesses