OpenClaw CVE-2026-41299
Severity: HIGH
CVSS Vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method: ACP-only provenance fields are gated by self-declared client metadata from the WebSocket handshake rather than by verified authorization state. Authenticated operator clients can spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge by manipulating client metadata during connection.
Analysis (AI)
Authorization bypass in OpenClaw's chat.send gateway allows authenticated operator clients to spoof ACP (Access Control Provider) identity labels and inject reserved provenance metadata by manipulating WebSocket handshake client metadata. Attackers with low-privilege operator credentials can bypass intended privilege boundaries to impersonate the ACP bridge, achieving high integrity impact through unauthorized modification of chat message provenance. …
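The weak gate the description names (trusting the client label from the handshake) beside the corrected one (trusting only the scope the gateway itself assigned at authentication), as an added illustration that is not OpenClaw's own code. The connection object, its verifiedScope and clientMeta properties, the handler name and the provenance field names are all assumptions for this example.

```javascript
// Added illustration (hypothetical, not OpenClaw's own code): gate
// ACP-only provenance fields on verified authorization state, not on
// self-declared WebSocket handshake metadata. conn.verifiedScope,
// conn.clientMeta and the field names below are assumptions.

// Provenance fields reserved for the ACP bridge (constructed placeholders).
const ACP_ONLY_FIELDS = ["acpSessionId", "acpOrigin"];

// Weak check: trusts the client label the peer sent in the handshake,
// which any authenticated operator client can set to whatever it likes.
function allowAcpFieldsWeak(conn) {
  return Boolean(conn.clientMeta) && conn.clientMeta.client === "acp";
}

// Hardened check: trusts only the scope the gateway assigned when the
// connection authenticated; client-controlled metadata is never consulted.
function allowAcpFieldsHardened(conn) {
  return conn.verifiedScope === "acp-bridge";
}

// Processes a chat.send params object: strips reserved fields unless the
// connection is permitted to set them, and reports what was dropped so
// the caller can log the attempt for detection.
function sanitizeChatSend(conn, params, allow) {
  const out = { ...params };
  const dropped = [];
  for (const field of ACP_ONLY_FIELDS) {
    if (field in out && !allow(conn)) {
      delete out[field];
      dropped.push(field);
    }
  }
  return { params: out, dropped };
}

// Constructed sample: an operator connection whose handshake metadata
// claims to be the ACP client, but whose verified scope is "operator".
const operatorConn = { verifiedScope: "operator", clientMeta: { client: "acp" } };
const spoofedParams = { text: "hello", acpSessionId: "sess-1" };

// Weak gate lets the reserved field through; hardened gate strips it.
const weakResult = sanitizeChatSend(operatorConn, spoofedParams, allowAcpFieldsWeak);
const hardResult = sanitizeChatSend(operatorConn, spoofedParams, allowAcpFieldsHardened);
console.log("weak kept field:", "acpSessionId" in weakResult.params);
console.log("hardened dropped:", hardResult.dropped);
```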
Remediation (AI)
Within 24 hours: inventory all OpenClaw deployments and identify systems running the chat.send gateway with operator role assignments; document current operator account holdings. Within 7 days: restrict operator role assignments to only essential personnel; implement network segmentation isolating WebSocket handshake traffic for monitoring and logging of metadata anomalies. …
External POC / Exploit Code: GHSA-6xg4-82hv-cp6f