DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-943Q-MWMV-HHVH: GHSA-943Q-MWMV-HHVH: Privilege Escalation and RCE in OpenClaw Gateway

#security #cve #cybersecurity #ghsa

GHSA-943Q-MWMV-HHVH: Privilege Escalation and RCE in OpenClaw Gateway

Vulnerability ID: GHSA-943Q-MWMV-HHVH
CVSS Score: 8.8
Published: 2026-03-02

A critical privilege escalation vulnerability exists in the OpenClaw Gateway and Agent Control Policy (ACP) client, allowing authenticated attackers to bypass security boundaries and execute arbitrary code. The flaw stems from the improper exposure of orchestration tools via the HTTP API combined with a heuristic failure in the permission approval logic, enabling the spawning of unconstrained agent sessions.

TL;DR

OpenClaw versions prior to 2026.2.14 expose sensitive orchestration tools via the Gateway API and use a flawed substring matching heuristic for permission auto-approval. This allows attackers with basic API access to spawn high-privilege sessions and achieve Remote Code Execution (RCE).

⚠️ Exploit Status: POC

Technical Details

  • Attack Vector: Network (API)
  • CVSS v3.1 (Estimated): 8.8 (High)
  • CWE IDs: CWE-269 (Privilege Escalation), CWE-862 (Missing Authorization)
  • Bug Class: Logic Error / Insecure Heuristic
  • Affected Component: API Dispatcher & ACP Client
  • Exploit Status: PoC Available

Affected Systems

  • OpenClaw Gateway
  • OpenClaw Agent Control Policy (ACP) Client
  • OpenClaw: < 2026.2.14 (Fixed in: 2026.2.14)

Code Analysis

Commit: 153a764

Fix Commit: tighten safe kind inference

Commit: ee31cd4

Fix Commit: gateway HTTP deny config

Mitigation Strategies

  • Upgrade to Patched Version
  • Gateway Configuration Hardening
  • Network Segmentation
  • Credential Rotation

Remediation Steps:

  1. Update the openclaw package to version 2026.2.14 or later immediately via your package manager (e.g., npm update openclaw).
  2. Review the config.json5 file and verify that gateway.bind is set to loopback (127.0.0.1) unless external access is explicitly required.
  3. Audit the gateway.tools.allow list to ensure no orchestration tools (sessions_spawn, gateway, sessions_send) are manually whitelisted.
  4. Rotate any Gateway tokens or passwords that may have been exposed or used in potential exploitation attempts.

References

Read the full report for GHSA-943Q-MWMV-HHVH on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)