Which versions of OpenClaw are affected by CVE-2026-45006?

CVE-2026-45006 affects OpenClaw's gateway tool, allowing authenticated users with model access to persistently alter critical security configurations including command execution policies, network…. A patch is available.

How to fix or mitigate CVE-2026-45006?

Within 24 hours: Identify all OpenClaw deployments and their current versions in your infrastructure. Within 7 days: Upgrade all affected instances to OpenClaw 2026.4.23 or later; test in non-production environment first to validate fail-closed allowlist behavior. Within 30 days: Audit gateway configuration change logs for unauthorized modifications; review and rotate any credentials that could have been exposed through config access; implement access controls limiting model-level permissions to OpenClaw gateways.

OpenClaw CVE-2026-45006

Q: What is the CVSS score of CVE-2026-45006?

CVE-2026-45006 has a CVSS 4.0 base score of 7.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-29151 HIGH

Incomplete List of Disallowed Inputs (CWE-184)

2026-05-11 VulnCheck

GHSA-8wcm-622f-3r46

Authentication Bypass

7.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

May 11, 2026 - 18:22 vuln.today

cvss_changed

CVSS changed

May 11, 2026 - 18:22 NVD

8.8 (HIGH) 7.7 (HIGH)

Source Code Evidence Fetched

May 11, 2026 - 17:47 vuln.today

Analysis Generated

May 11, 2026 - 17:47 vuln.today

CVE Published

May 11, 2026 - 16:46 nvd

HIGH 8.8

DescriptionNVD

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config modifications affecting command execution, network behavior, credentials, and operator policies that survive restart.

AnalysisAI

Compromised AI models running with access to OpenClaw's gateway tool can persist malicious configuration changes affecting command execution, network endpoints, credentials, and security policies by exploiting an incomplete denylist that failed to protect newly added config paths. The vulnerability allows model-driven writes to sensitive config subtrees (command execution safeguards, proxy/TLS settings, telemetry hooks, operator policies) that survive restart, enabling persistent control beyond the intended model-to-operator trust boundary. …

RemediationAI

Within 24 hours: Identify all OpenClaw deployments and their current versions in your infrastructure. Within 7 days: Upgrade all affected instances to OpenClaw 2026.4.23 or later; test in non-production environment first to validate fail-closed allowlist behavior. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45006 vulnerability details – vuln.today

Back

OpenClaw CVE-2026-45006

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

OpenClaw CVE-2026-45006

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code