Description
OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools when the feature is enabled and reachable.
Published: 2026-06-11
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.4.24 contain an authorization bypass in the MCP loopback feature. A caller that is not the owner can reach tools through the loopback path without the owner-only tool policies and before-tool-call hooks being applied, so the system executes owner-only behavior on behalf of a non-owner. This flaw allows an attacker to run privileged or restricted tools that should be inaccessible, potentially compromising application integrity and confidentiality.

Affected Systems

The affected vendor and product are both OpenClaw; the recorded CPE targets the Node.js runtime. All installations of OpenClaw older than version 2026.4.24 that have the MCP loopback feature enabled and reachable are vulnerable. No other vendors or product versions are impacted according to the available data.

Risk and Exploitability

The CVSS v4.0 score of 6.9 classifies the vulnerability as Medium severity. No EPSS data is available, and it is not listed in the CISA KEV catalog, indicating that no large-scale exploitation has been confirmed yet. The recorded CVSS vectors give a local attack vector with low privileges required and no user interaction, consistent with an attacker who already has some access to the host or trusted network where the MCP loopback service is exposed; such a caller could trigger the bypass without owner credentials.

Generated by OpenCVE AI on June 11, 2026 at 21:51 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.24 or later to apply the authorization bypass fix.
  • If an upgrade cannot be performed immediately, disable the MCP loopback feature or restrict access to its endpoint so that non-owner callers cannot reach it.
  • Verify that non-owner users cannot trigger the loopback by reviewing access controls, and monitor logs for unexpected owner-only tool invocations.



Advisories

No advisories yet.

History

Thu, 11 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | - | OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute restricted tools when the feature is enabled and reachable.
Title | - | OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback
First Time appeared | - | Openclaw; Openclaw openclaw
Weaknesses | - | CWE-862
CPEs | - | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | - | Openclaw; Openclaw openclaw
References | - | -
Metrics | - | cvssV3_1: {'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-11T20:09:57.354Z

Reserved: 2026-06-10T21:16:07.494Z

Link: CVE-2026-53818

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-11T21:16:24.090

Modified: 2026-06-11T21:16:24.090

Link: CVE-2026-53818

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T22:00:08Z

Weaknesses