DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-7JM2-G593-4QRC: GHSA-7jm2-g593-4qrc: Unauthorized Configuration Mutation in OpenClaw Agent Gateway

#security #cve #cybersecurity #ghsa

GHSA-7jm2-g593-4qrc: Unauthorized Configuration Mutation in OpenClaw Agent Gateway

Vulnerability ID: GHSA-7JM2-G593-4QRC
CVSS Score: 5.5
Published: 2026-04-25

The OpenClaw agent gateway contains a medium-severity vulnerability in its configuration mutation guard. This flaw allows an AI agent to bypass validation checks and modify protected operator-level settings, leading to potential sandbox escapes, SSRF policy violations, and unauthorized execution of arbitrary commands.

TL;DR

OpenClaw versions prior to 2026.4.20 fail to perform deep recursive validation on configuration arrays, allowing untrusted AI agents to bypass mutation guards and alter protected settings like sandbox restrictions and SSRF policies.

⚠️ Exploit Status: POC

Technical Details

  • Primary CWE: CWE-285: Improper Authorization
  • Secondary CWE: CWE-184: Incomplete List of Disallowed Elements
  • Attack Vector: Prompt Injection leading to API Abuse
  • Impact: Arbitrary Code Execution / SSRF Bypass
  • Exploit Status: Proof of Concept Available
  • Remediation: Upgrade to version 2026.4.20

Affected Systems

  • OpenClaw agent gateway (versions prior to 2026.4.20)
  • Node.js environments executing the openclaw npm package
  • openclaw: < 2026.4.20 (Fixed in: 2026.4.20)

Code Analysis

Commit: fe30b31

Fix gateway config mutation guard bypass by adding array validation, identity-aware tracking, and expanding the protected paths denylist.

Mitigation Strategies

  • Upgrade the OpenClaw npm package to a non-vulnerable version.
  • Restrict the AI agent's access to the gateway tool via application-level access controls.
  • Implement deep validation logic for nested JSON configurations to prevent array-based evasion.
  • Monitor audit logs for unusual configuration mutations originating from the AI agent.

Remediation Steps:

  1. Identify all deployed instances of the OpenClaw package.
  2. Update the package.json dependency to specifically require openclaw@2026.4.20 or higher.
  3. Execute package manager updates (e.g., npm install openclaw@latest).
  4. Restart the OpenClaw service application to load the patched configuration guard.
  5. Review historical logs for unauthorized modifications to sandbox.mode or browser.ssrfPolicy.

References

Read the full report for GHSA-7JM2-G593-4QRC on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)