Description
OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.
Published: 2026-06-16
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A gateway operator possessing operator.write privileges can alter global configuration entries that are intended for operator.admin users, a flaw caused by insufficient validation in the Active Memory write scope. By using the write scope vulnerability, the attacker can insert, modify, or delete critical configuration parameters, thereby subverting the intended access restrictions within the OpenClaw system. The unauthorized changes could affect routing rules, security policies, or network behavior, effectively elevating the attacker’s privileges over the platform.

Affected Systems

Any installation of OpenClaw running a version prior to 2026.5.6 is affected. This includes all deployments of the core Gateway component that stores configuration data, irrespective of deployment context.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation at this time and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector involves an internal user who already holds operator.write permissions; once such a role is compromised or misused, the attacker can perform unauthorized configuration changes without needing operator.admin rights. Consequently, the risk is moderate but can become significant if the altered settings impact critical security controls or core network functionalities.

Generated by OpenCVE AI on June 17, 2026 at 21:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw version 2026.5.6 or newer to remove the write scope validation flaw.
  • Restrict operator.write permissions to a minimal, vetted set of users and regularly review role assignments.
  • Enable comprehensive logging and audit trails for all configuration changes to detect and respond to unauthorized modifications promptly.

Generated by OpenCVE AI on June 17, 2026 at 21:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-x629-46cc-7xgw OpenClaw: Active Memory write scope could mutate global config
History

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.
Title OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-266
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-16T18:45:07.648Z

Reserved: 2026-06-10T21:21:12.125Z

Link: CVE-2026-53847

cve-icon Vulnrichment

Updated: 2026-06-16T18:45:02.232Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:17:01.790

Modified: 2026-06-16T20:42:46.200

Link: CVE-2026-53847

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T21:30:12Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment