Description
OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands like /send, /config, or /debug on affected channels to bypass owner-only command authorization checks.
Published: 2026-05-11
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions earlier than 2026.4.21 contain an authorization bypass flaw in command-auth.ts that allows non-owner senders to invoke owner-enforced slash commands. The weakness is classified as CWE-863 (Incorrect Authorization). On channels that accept wildcard inbound senders without explicit owner allowFrom settings, an attacker can execute privileged commands such as /send, /config, or /debug, gaining command control they are not authorized to have.

Affected Systems

The affected product is OpenClaw (vendor: OpenClaw). All releases before 2026.4.21 are impacted; any deployment running an older version is vulnerable.

Risk and Exploitability

The CVSS score of 2.3 indicates limited severity, and the EPSS score is not available; the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a channel configured to allow wildcard inbound senders, a setup common in community or public servers. An attacker exploits the flaw by sending one of the owner-only commands in such a channel, bypassing the normal authorization check.

Generated by OpenCVE AI on May 11, 2026 at 19:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the OpenClaw installation to version 2026.4.21 or later to eliminate the vulnerability.
  • Restrict channel settings so that wildcard inbound senders are never configured without an explicit owner allowFrom list; if wildcard senders are required, grant owner status only to explicitly listed owners.
  • Disable or limit the use of owner-enforced slash commands if they are not essential, and verify that command permissions are correctly configured.

Advisories

No advisories yet.

History

Mon, 11 May 2026 18:30:00 +0000 (values added; nothing removed)

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 17:30:00 +0000 (values added; nothing removed)

  • Description: OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands like /send, /config, or /debug on affected channels to bypass owner-only command authorization checks.
  • Title: OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders
  • First time appeared: Openclaw (vendor), openclaw (product)
  • Weaknesses: CWE-863
  • CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  • Vendors & Products: Openclaw (vendor), openclaw (product)
  • References: none listed
  • Metrics: cvssV3_1 {'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}; cvssV4_0 {'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-11T17:26:35.853Z

Reserved: 2026-05-08T16:41:39.933Z

Link: CVE-2026-44991

Vulnrichment

Updated: 2026-05-11T17:26:32.884Z

NVD

Status: Awaiting Analysis

Published: 2026-05-11T18:16:38.780

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-44991

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T19:45:08Z

Weaknesses