EUVD-2026-17369
GHSA-xw77-45gv-p728
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.
Analysis
Authorization bypass in OpenClaw 2026.3.7 through 2026.3.10 enables remote unauthenticated attackers to execute privileged gateway operations through plugin subagent routes. The vulnerability exploits synthetic operator clients with excessive administrative scopes, allowing attackers to delete sessions and execute agent commands without authentication. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenClaw deployments and identify systems running versions 2026.3.7-2026.3.10; isolate affected gateway instances from untrusted networks. Within 7 days: Implement network segmentation restricting access to plugin subagent routes to trusted sources only; review and revoke synthetic operator client credentials with unnecessary administrative scopes. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today