Impact
Based on the description, it is inferred that the missing authorization check allows an unauthorized user to call the operator.write message-tool API and change the persistent Matrix profile configuration. The vulnerability is a straightforward authorization bypass (CWE-862). The flaw does not by itself give the attacker code execution or denial of service, but the ability to alter configuration that normally requires admin authority could compromise the platform's integrity, confidentiality, and availability.
Affected Systems
Affected systems include installations of OpenClaw running any version prior to 2026.4.10. The vulnerability is triggered when the operator.write message-tool paths are invoked, allowing message-tool runs by non-owners to alter Matrix profile persistence settings. Any user who can reach the message-tool interface without admin rights can trigger it while the authorization checks are not enforced.
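To make the CWE-862 pattern concrete, here is an added illustration (not OpenClaw's code; the names Caller, ToolRequest, ProfileConfig, dispatchMessageTool* and the audit helper are assumptions) of a message-tool dispatcher in the "before" shape, where operator.write applies the requested change for whoever asks, next to a hardened dispatcher that requires owner authority for that tool path and records every decision so denied attempts can be alerted on.

```typescript
// Added example, not the project's own code. All type and function names are
// assumptions chosen for illustration of the authorization-check pattern.

type Caller = { id: string; isOwner: boolean };

// The persistent Matrix profile settings the operator.write path can change.
type ProfileConfig = { matrixProfilePersist: boolean; displayName: string };

type ToolRequest = { tool: string; args: Partial<ProfileConfig> };

type AuditEvent = { callerId: string; tool: string; outcome: "allowed" | "denied" };

// Tool paths that mutate persistent state and therefore need owner authority.
const OWNER_ONLY_TOOLS = new Set(["operator.write"]);

// "Before": the write is applied without looking at who asked (CWE-862 pattern).
function dispatchMessageToolVulnerable(_caller: Caller, req: ToolRequest, cfg: ProfileConfig): ProfileConfig {
  if (req.tool === "operator.write") {
    return { ...cfg, ...req.args }; // no authorization check on the caller
  }
  return cfg;
}

// "After": an explicit authorization decision precedes the write, and every
// decision is recorded so a non-owner probing the path leaves a trace.
function dispatchMessageToolHardened(caller: Caller, req: ToolRequest, cfg: ProfileConfig, audit: AuditEvent[]): ProfileConfig {
  if (OWNER_ONLY_TOOLS.has(req.tool) && !caller.isOwner) {
    audit.push({ callerId: caller.id, tool: req.tool, outcome: "denied" });
    return cfg; // persistent state untouched
  }
  audit.push({ callerId: caller.id, tool: req.tool, outcome: "allowed" });
  if (req.tool === "operator.write") {
    return { ...cfg, ...req.args };
  }
  return cfg;
}

// Detection helper: denied owner-only writes per caller, the signal a defender
// would watch for in the audit stream.
function deniedWritesByCaller(audit: AuditEvent[]): Map<string, number> {
  const out = new Map<string, number>();
  for (const e of audit) {
    if (e.outcome === "denied") out.set(e.callerId, (out.get(e.callerId) ?? 0) + 1);
  }
  return out;
}

// Constructed demo: a non-owner asks operator.write to turn profile persistence off.
function demo() {
  const cfg: ProfileConfig = { matrixProfilePersist: true, displayName: "bot" };
  const nonOwner: Caller = { id: "user-17", isOwner: false };
  const req: ToolRequest = { tool: "operator.write", args: { matrixProfilePersist: false } };
  const audit: AuditEvent[] = [];
  const before = dispatchMessageToolVulnerable(nonOwner, req, cfg); // change lands
  const after = dispatchMessageToolHardened(nonOwner, req, cfg, audit); // change refused, audited
  return { before, after, audit };
}

console.log(JSON.stringify(demo()));
```

The point of the hardened version is that the authorization decision is made once, in the dispatcher, before any tool path that touches persistent configuration runs, rather than being left to each handler; the audit array is what a monitoring rule would consume to spot repeated denied writes from one caller.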
Risk and Exploitability
The likely attack vector is any user who can invoke the operator.write message-tool path; this could be remote or local depending on how OpenClaw is exposed. Based on the description, it is inferred that the vulnerability can be exploited without privileges beyond the ability to run message-tool writes. The EPSS score is not available; however, the CVSS score of 7.1 indicates a moderate to high risk of exploitation. The vulnerability is not listed in CISA's KEV catalog. If an attacker changes configuration, it could serve as a foothold for further compromise.
OpenCVE Enrichment
GitHub GHSA