Skip to main content

OpenClaw EUVDEUVD-2026-28186

| CVE-2026-44110 HIGH
Incorrect Authorization (CWE-863)
2026-05-06 disclosure@vulncheck.com GHSA-2gvc-4f3c-2855
7.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
May 06, 2026 - 21:03 EUVD
Source Code Evidence Fetched
May 06, 2026 - 20:35 vuln.today
Analysis Generated
May 06, 2026 - 20:35 vuln.today
CVE Published
May 06, 2026 - 20:16 nvd
HIGH 7.7

DescriptionCVE.org

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior.

AnalysisAI

Authorization bypass in OpenClaw Matrix bot integration allows DM-paired attackers to execute privileged room control commands without configured permissions. Attackers who have previously established direct message pairing can exploit misaligned allowlist logic to run room control commands in bot rooms, bypassing room membership and allowlist requirements. Fixed in version 2026.4.15 after responsible disclosure by Keen Security Lab. No evidence of active exploitation; publicly available vendor advisory and fix commits reduce exploitation probability.

Technical ContextAI

OpenClaw is a Matrix protocol bot framework that maintains separate authorization contexts for direct messages (DMs) and room-based interactions. The vulnerability (CWE-863: Incorrect Authorization) stemmed from the room control-command authorization logic incorrectly consulting the DM pairing store when validating sender permissions for room commands. The pairing store tracks sender IDs authorized for one-on-one DM interactions, which should never grant authority over multi-user room control commands. The flawed implementation in access-state.ts merged DM pairing-store entries into the effective allowlist for room traffic, creating an authorization boundary confusion. Room control commands in Matrix bots typically drive privileged operations like configuration changes, data retrieval, or workflow triggers-making this bypass a path to unintended privilege escalation within the bot's operational scope.

RemediationAI

Upgrade to OpenClaw version 2026.4.15 or later, which contains authorization boundary fixes in commits f8705f512b09043df02b5da372c33374734bd921 (PR #67294) and 2bfd808a83116bd888e3e2633a61473fa2ed81b6 (PR #67325). The patch restructures room control-command authorization to exclude DM pairing-store entries from the room allowlist, enforcing strict separation between DM and room authorization contexts. Update instructions and release details are available at https://github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855. If immediate patching is not feasible, implement compensating controls: disable Matrix room control commands entirely via bot configuration, restrict bot room membership to only trusted administrator accounts, or implement out-of-band verification for room control command senders (noting this adds operational overhead and user friction). Audit existing DM pairing-store entries and remove any sender IDs that should not have room command access, though this provides only partial mitigation since the authorization logic flaw remains. Review bot command and tool policies to ensure room control commands do not expose overly privileged operations that could be abused. The side effect of disabling room control commands is loss of Matrix-based bot management functionality, requiring alternative administrative interfaces.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-28186 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy