Impact
OpenClaw before 2026.4.25 suffers a privilege‑escalation flaw in its internal and webchat command authentication system. The flaw permits any sender who can send commands along the internal or webchat paths to inherit a wildcard ownerAllowFrom state across channel boundaries. This lets the attacker execute commands that are normally restricted to a specific channel, effectively bypassing the application’s intended access controls. The weakness is classified as CWE‑863, a missing access‑control requirement that allows unauthorized command execution.
Affected Systems
All deployments of OpenClaw that use a release version earlier than 2026.4.25 are affected, including the Node.js implementation bundled with the product. Only installations that have been updated to 2026.4.25 or later are safe from this vulnerability.
Risk and Exploitability
The CVSS base score is 6.0, indicating moderate severity. The EPSS score of less than 1% suggests a very low current exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that an attacker requires the ability to issue commands through the affected internal or webchat interfaces, which could be achieved remotely via the public webchat endpoint. The escalation occurs when the system mistakenly treats the sender as an owner in a channel where they normally lack such privileges.
OpenCVE Enrichment
Github GHSA