GHSA-39MP-545Q-W789: GHSA-39MP-545Q-W789: Improper Authorization in OpenClaw /send Command

#security #cve #cybersecurity #ghsa

GHSA-39MP-545Q-W789: Improper Authorization in OpenClaw /send Command

Vulnerability ID: GHSA-39MP-545Q-W789
CVSS Score: 5.4
Published: 2026-03-30

An authorization bypass vulnerability in the OpenClaw personal AI assistant ecosystem allows non-owner users with generic command permissions to persistently modify session-specific message delivery policies. By issuing the /send command, attackers can silence the agent or force unintended message delivery.

TL;DR

OpenClaw versions prior to 2026.3.27 fail to verify session ownership when processing the /send command. This improper authorization allows any command-authorized user in a shared session to alter the agent's delivery policy, leading to localized service disruption and configuration overrides.

Technical Details

CWE ID: CWE-285 (Improper Authorization)
Attack Vector: Network
CVSS v3.1 Score: 5.4 (Medium)
Impact: Low Integrity, Low Availability
Exploit Status: None / Theoretical
CISA KEV: Not Listed

Affected Systems

OpenClaw personal AI assistant ecosystem
OpenClaw gateway-chat module
openclaw: < 2026.3.27 (Fixed in: 2026.3.27)

Mitigation Strategies

Upgrade the OpenClaw npm package to version 2026.3.27 or newer.
Restrict generic command access by auditing the commands.allowFrom configuration list.
Ensure all custom command handlers modifying session state enforce ownerOnly privilege checks.

Remediation Steps:

Identify the current version of the OpenClaw package running in the environment.
Execute npm install openclaw@latest to pull the patched release.
Review the config.json file and minimize the number of users listed in commands.allowFrom.
Restart the OpenClaw service to apply the updated code and configuration.