EUVD-2026-21118
GHSA-3xcc-5274-wv65
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates.
Analysis
Authorization bypass in OpenClaw versions prior to 2026.3.22 allows authenticated low-privilege users to execute administrative control-plane operations through internal ACP chat commands. The vulnerability stems from missing operator.admin scope enforcement on mutating commands, enabling unauthorized users to invoke privileged actions that modify system configuration or state. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all OpenClaw deployments and current versions via asset inventory; verify which systems run versions prior to 2026.3.22. Within 7 days: Apply vendor-released patch to OpenClaw 2026.3.22 or later across all affected instances; prioritize control-plane and production environments. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today