Skip to main content

OpenClaw CVE-2026-44991

| EUVDEUVD-2026-29136 LOW
Incorrect Authorization (CWE-863)
2026-05-11 VulnCheck GHSA-p3pv-c954-9m6f
2.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
May 11, 2026 - 18:22 NVD
MEDIUM LOW
CVSS changed
May 11, 2026 - 18:22 NVD
4.2 (MEDIUM) 2.3 (LOW)
Source Code Evidence Fetched
May 11, 2026 - 17:47 vuln.today
Analysis Generated
May 11, 2026 - 17:47 vuln.today
CVE Published
May 11, 2026 - 16:46 nvd
MEDIUM 4.2

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.4.21.

DescriptionCVE.org

OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands like /send, /config, or /debug on affected channels to bypass owner-only command authorization checks.

AnalysisAI

Authorization bypass in OpenClaw before 2026.4.21 allows non-owner senders to execute owner-enforced slash commands when channels are configured with wildcard inbound senders (allowFrom: ["*"]) without explicit owner allowFrom settings. Attackers with legitimate channel access can exploit this to bypass owner-only command authorization checks and execute commands such as /send, /config, or /debug. The vulnerability requires authenticated access to affected channels but is limited to command-owner authorization and does not grant tool access or gateway administrator scope.

Technical ContextAI

OpenClaw is a command-authorization framework that enforces owner-only command restrictions via the command-auth.ts module. The vulnerability stems from a logic error in resolveCommandAuthorization() where the authorization decision incorrectly reused the channel's wildcard inbound sender policy (allowFrom: ["*"]) as a fallback when resolving command ownership. When a plugin sets enforceOwnerForCommands: true but does not explicitly configure commands.ownerAllowFrom, the absence of concrete owner candidates was incorrectly treated as authorization success (allowAll condition). The root cause (CWE-863: Incorrect Authorization) is the failure to require a concrete owner identity or internal operator-admin scope before granting access to owner-enforced commands. The fix removes the permissive fallback, requiring explicit owner-candidate matching or internal operator.admin scope instead of treating wildcard allowFrom or empty owner-candidate lists as sufficient authorization.

RemediationAI

Upgrade OpenClaw to version 2026.4.21 or later immediately via npm update or package manager. The patched version enforces concrete owner identity matching and requires internal operator-admin scope instead of treating wildcard channel allowFrom as sufficient authorization. For environments unable to upgrade immediately, apply mitigations: configure explicit commands.ownerAllowFrom with intended owner identities instead of relying on default behavior, or avoid using wildcard (allowFrom: ["*"]) sender policies on channels with enforceOwnerForCommands: true enabled until upgrade completes. Workaround configuration does not fully prevent the vulnerability but significantly reduces exposure surface by limiting the affected configuration pattern. The vendor strongly recommends immediate upgrade to 2026.4.21 as the only complete fix. See https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v for detailed remediation guidance.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-44991 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy