Description
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or tool output intended to be restricted to administrators.
Published: 2026-04-23
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch Now
AI Analysis

Impact

The flaw is in OpenClaw's chat.send gateway endpoint: a caller holding only the write scope (operator.write, per the GitHub advisory) can send a /verbose directive that persists a verboseLevel override on the session, a setting meant to be changeable only by administrators. Because the override is stored rather than applied to a single request, later turns in that session carry the raised verbosity and expose model reasoning or tool output that administrators had restricted, which is the privilege escalation the record describes. The root cause is incorrect authorization (CWE-863): the endpoint verifies that the caller may write, but not that it may change a persisted admin-only setting.

Affected Systems

OpenClaw before 2026.3.28 is affected (vendor OpenClaw; CPE cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*). The record identifies no specific sub-product or module beyond the main OpenClaw application, so any deployment of an affected version whose gateway exposes chat.send to write-scoped callers is in scope.

Risk and Exploitability

The CVSS 4.0 base score is 5.3 (CVSS 3.1: 5.4), both medium, and the EPSS score below 1% indicates a low probability of exploitation in the wild; the SSVC assessment attached to the record is Exploitation: none, Automatable: no, Technical Impact: partial. The vector (AV:N/AC:L/PR:L/UI:N) means the flaw is reachable over the network with no user interaction, but only by an authenticated caller holding low privileges, here any holder of a write-scoped gateway credential; it is not a pre-authentication issue. The vulnerability is not in the CISA KEV catalog, so no active exploitation is publicly known. The practical exposure is highest where write-scoped gateway tokens are issued broadly (automations, integrations, less-trusted operators), since every such holder can read reasoning and tool output it was not meant to see.

Generated by OpenCVE AI on April 28, 2026 at 07:18 UTC.

Remediation

No vendor-provided remediation text is recorded in this entry. The description identifies 2026.3.28 as the first unaffected version.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to 2026.3.28 or later, the first release the record lists as unaffected.
  • Until the upgrade is possible, treat every write-scoped (operator.write) gateway credential as able to read administrator-level output: limit issuance to trusted callers, revoke or rotate tokens held by integrations that do not need them, and do not rely on the verboseLevel setting alone to keep reasoning or tool output from those callers. Where a fronting proxy can distinguish callers, blocking /verbose-prefixed chat.send messages from non-administrators there is a partial stopgap, not a fix.
  • Log and review verboseLevel changes on sessions, including which caller set them and through which request, so overrides made before patching can be detected and the affected sessions reviewed for what was exposed.
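The authorization error described in the Impact section and the mitigation in the list above, modelled as an added example. This is not OpenClaw's code and does not reproduce its internals: only operator.write, chat.send, /verbose and verboseLevel come from the advisory; the admin scope name operator.admin, the level names, the caller and session shapes and the audit record are assumptions made for illustration.

```javascript
// Added illustration of the flaw described on this page: a gateway
// "chat.send" handler in which a leading "/verbose <level>" directive
// persists a verboseLevel override on the session. NOT OpenClaw's code.
// From the advisory: operator.write, chat.send, /verbose, verboseLevel.
// Assumed for illustration: the admin scope name, the level names, the
// caller/session shapes and the audit record.

const SCOPE_WRITE = "operator.write";   // named in the GitHub advisory
const SCOPE_ADMIN = "operator.admin";   // assumed name for the admin scope
const VERBOSE_LEVELS = new Set(["off", "on", "full"]); // assumed level names

// Parse a leading "/verbose [level]" directive. Returns null when the message
// does not start with one; otherwise the level (default "on") and the rest of
// the message. "/verbosefoo" is not treated as a directive.
function parseVerboseDirective(text) {
  const m = /^\/verbose(?:\s+(\S+))?(?:\s+|$)/.exec(text);
  if (!m) return null;
  return { level: m[1] ?? "on", rest: text.slice(m[0].length) };
}

function requireScope(caller, scope) {
  if (!caller.scopes.includes(scope)) {
    throw new Error(`forbidden: ${scope} required`);
  }
}

// Vulnerable shape of the check (CWE-863): the handler verifies only that the
// caller may write to the session, then lets the directive persist an
// admin-only setting. Every later turn in the session inherits the level.
function chatSendVulnerable(caller, session, text) {
  requireScope(caller, SCOPE_WRITE);
  const d = parseVerboseDirective(text);
  if (!d) return { accepted: true, persisted: false, text };
  if (!VERBOSE_LEVELS.has(d.level)) throw new Error(`unknown level ${d.level}`);
  session.verboseLevel = d.level;  // persisted override, no admin check
  return { accepted: true, persisted: true, level: d.level, text: d.rest };
}

// Hardened shape: persisting the override is a privilege separate from
// writing. A write-only caller's directive is refused with an explicit reason
// (not silently downgraded), the session's existing level is left untouched,
// and the decision is audited either way so overrides can be reviewed.
function chatSendHardened(caller, session, text, audit) {
  requireScope(caller, SCOPE_WRITE);
  const d = parseVerboseDirective(text);
  if (!d) return { accepted: true, persisted: false, text };
  if (!VERBOSE_LEVELS.has(d.level)) throw new Error(`unknown level ${d.level}`);
  const record = { event: "", caller: caller.id, session: session.id, level: d.level };
  if (!caller.scopes.includes(SCOPE_ADMIN)) {
    record.event = "verbose_override_denied";
    audit.push(record);
    return { accepted: false, persisted: false, reason: `${SCOPE_ADMIN} required` };
  }
  record.event = "verbose_override_set";
  audit.push(record);
  session.verboseLevel = d.level;
  return { accepted: true, persisted: true, level: d.level, text: d.rest };
}

// Constructed scenario: the same write-scoped caller against both handlers,
// then an admin caller against the hardened one.
function demo() {
  const writer = { id: "integration-bot", scopes: [SCOPE_WRITE] };
  const admin = { id: "alice", scopes: [SCOPE_WRITE, SCOPE_ADMIN] };
  const audit = [];

  const s1 = { id: "sess-1", verboseLevel: "off" };
  const before = chatSendVulnerable(writer, s1, "/verbose full summarize the incident");

  const s2 = { id: "sess-2", verboseLevel: "off" };
  const denied = chatSendHardened(writer, s2, "/verbose full summarize the incident", audit);
  const allowed = chatSendHardened(admin, s2, "/verbose on continue", audit);

  return {
    vulnerable: { result: before, sessionLevel: s1.verboseLevel },   // "full"
    hardened: { denied, allowed, sessionLevel: s2.verboseLevel, audit }, // "on"
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The point of the hardened variant is that "may write to the session" and "may change a persisted admin-only setting" are two different decisions, and the second must be checked at the place the setting is persisted, not inferred from the first. The audit records are the data the third recommendation asks for: a denied event from a write-only caller is a direct signal that someone tried the escalation.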

Advisories
Source: GitHub GHSA
ID: GHSA-5h2w-qmfp-ggp6
Title: OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`
History

Fri, 24 Apr 2026 19:15:00 +0000

Metrics (values added; none removed):
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 22:15:00 +0000

All values below were added; none were removed.

Description:
  OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or tool output intended to be restricted to administrators.
Title:
  OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter
First Time appeared:
  Openclaw
  Openclaw openclaw
Weaknesses:
  CWE-863
CPEs:
  cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products:
  Openclaw
  Openclaw openclaw
References:
  (no values recorded)
Metrics:
  cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}
  cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-24T18:19:18.188Z

Reserved: 2026-04-20T14:05:09.184Z

Link: CVE-2026-41344

Vulnrichment

Updated: 2026-04-24T16:50:08.067Z

NVD

Status : Analyzed

Published: 2026-04-23T22:16:40.970

Modified: 2026-04-29T15:52:05.363

Link: CVE-2026-41344

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T07:30:26Z

Weaknesses