Description
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security restrictions.
Published: 2026-04-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access via Tool Identity Spoofing
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions earlier than 2026.3.22 contain an identity spoofing vulnerability in the ACP permission resolution mechanism. The flaw arises because the permission resolver trusts tool identity hints arriving in the caller-controlled rawInput parameter even when they conflict with the identity carried in the associated metadata, so an attacker can supply forged identity information. Exploiting this weakness can suppress dangerous-tool prompts and allow unauthorized execution of privileged actions while masquerading as a legitimate tool. The underlying weakness maps to CWE-807, indicating that the application accepts user-supplied parameters that influence a security decision, here the identity check.
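
To make the resolution flaw concrete, here is an added illustration (not OpenClaw's code) of a permission resolver that lets a caller-supplied hint override the trusted identity, beside a hardened version that decides only on the trusted identity and fails closed when the two hints disagree; the names resolveToolIdentityNaive, resolveToolIdentity, DANGEROUS_TOOLS and the request shape {metadata, rawInput} are assumptions for this example.

```javascript
// Added example, not OpenClaw's code. The request shape {metadata, rawInput},
// the function names and DANGEROUS_TOOLS are assumptions: "metadata" stands
// for the identity the harness attached server-side, "rawInput" for the
// caller-controlled parameters of the tool call.

// Constructed sample policy: tools whose use must be confirmed by the user.
const DANGEROUS_TOOLS = new Set(["shell", "file_write"]);

// Weak pattern: a hint in rawInput wins over the trusted identity, so a
// spoofed name of a harmless tool suppresses the dangerous-tool prompt.
function resolveToolIdentityNaive(request) {
  const hinted = request.rawInput && request.rawInput.toolName;
  const trusted = request.metadata && request.metadata.toolName;
  const tool = hinted || trusted || null;
  return { tool, requiresPrompt: tool === null || DANGEROUS_TOOLS.has(tool) };
}

// Hardened pattern: the security decision uses only the trusted identity.
// A rawInput hint that conflicts with it is not reconciled; the call is
// forced to prompt and the reason is returned so the conflict can be logged.
function resolveToolIdentity(request) {
  const trusted = request.metadata && request.metadata.toolName;
  const hinted = request.rawInput && request.rawInput.toolName;
  if (typeof trusted !== "string" || trusted.length === 0) {
    return { tool: null, requiresPrompt: true, reason: "no trusted identity" };
  }
  if (hinted !== undefined && hinted !== trusted) {
    return { tool: trusted, requiresPrompt: true, reason: "conflicting identity hints" };
  }
  return { tool: trusted, requiresPrompt: DANGEROUS_TOOLS.has(trusted), reason: "ok" };
}
```

A resolver of the hardened form also gives defenders a detection point: every "conflicting identity hints" result is worth logging, since a legitimate client has no reason to send a tool name that disagrees with its own metadata.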

Affected Systems

Affected systems include all installations of OpenClaw prior to release 2026.3.22. The product, identified as OpenClaw:OpenClaw, runs on Node.js as indicated by the CPE string. Any deployment of the vulnerable OpenClaw instance is susceptible, regardless of host operating system.

Risk and Exploitability

The CVSS score of 6.9 classifies this issue as medium severity. The EPSS score is not available, but the absence from CISA’s KEV catalogue suggests limited current exploitation activity. The likely attack vector requires an attacker to inject malicious parameters into a rawInput request that the OpenClaw instance processes, potentially enabling identity spoofing and subsequent privilege escalation or bypass of security controls.

Generated by OpenCVE AI on April 10, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.22 or later.
  • If patching cannot be applied immediately, restrict rawInput usage to trusted administrators only or enforce strict validation of rawInput parameters.
  • Review access controls on the ACP interface to limit exposure to authorized users only.

Advisories

Source: GitHub GHSA
ID: GHSA-74wf-h43j-vvmj
Title: OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting
History

Fri, 10 Apr 2026 21:15:00 +0000

Type: Metrics (ssvc)
Values Added:
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 16:30:00 +0000

Type: Description
Values Added: OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool identities through rawInput parameters to suppress dangerous-tool prompting and bypass security restrictions.

Type: Title
Values Added: OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution

Type: First Time appeared
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Added: CWE-807

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw; Openclaw openclaw

Type: References

Type: Metrics (cvssV3_1)
Values Added:
{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N'}

Type: Metrics (cvssV4_0)
Values Added:
{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-10T20:18:12.455Z

Reserved: 2026-04-04T12:31:23.534Z

Link: CVE-2026-35655

Vulnrichment

Updated: 2026-04-10T20:15:22.888Z

NVD

Status: Analyzed

Published: 2026-04-10T17:17:06.550

Modified: 2026-04-13T21:07:08.670

Link: CVE-2026-35655

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T13:00:49Z

Weaknesses