Description
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config modifications affecting command execution, network behavior, credentials, and operator policies that survive restart.
Published: 2026-05-11
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions older than 2026.4.23 contain an improper access control flaw in the gateway tool’s config.apply and config.patch operations. Because the tool does not fully enforce its denylist, a model that has already been compromised can inject unsafe configuration changes. These changes can alter command execution, network behavior, credentials, and operator policies, and they persist across restarts, giving the attacker a durable foothold. The weakness is a classic lack of proper access control (CWE‑184).

Affected Systems

All deployments of OpenClaw OpenClaw running a pre‑2026.4.23 release are affected. Updating to the 2026.4.23 release or later removes the vulnerability.

Risk and Exploitability

The vulnerability has a CVSS score of 7.7, indicating a high severity. The EPSS score is not available, so the exploitation probability cannot be quantified, but the KEV status indicates it is currently not listed as a known exploited vulnerability. The likely attack vector requires that an adversary first compromise a model within the OpenClaw environment; once inside, the attacker can use the config.apply or config.patch functions to inject malicious configuration data that will be honored by the gateway tool. The persistence of these changes amplifies the risk, as the malicious configuration survives server restarts.

Generated by OpenCVE AI on May 11, 2026 at 18:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.23 or later to remove the access control flaw.
  • Review and strengthen the gateway tool’s configuration denylist to ensure critical parameters cannot be altered; perform a manual audit of existing configuration files for unauthorized changes.
  • Enable detailed logging of configuration changes and set alerts for any deviations from the allowed denylist, ensuring rapid detection of future attempts to mutate gateway settings.

Generated by OpenCVE AI on May 11, 2026 at 18:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config modifications affecting command execution, network behavior, credentials, and operator policies that survive restart.
Title OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-184
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-11T18:25:19.322Z

Reserved: 2026-05-08T16:43:53.068Z

Link: CVE-2026-45006

cve-icon Vulnrichment

Updated: 2026-05-11T18:25:15.317Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-11T18:16:40.980

Modified: 2026-05-12T14:20:56.547

Link: CVE-2026-45006

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T21:45:35Z

Weaknesses