GHSA-PJVX-RX66-R3FG: Cross-account sender authorization expansion in OpenClaw
Vulnerability ID: GHSA-PJVX-RX66-R3FG
CVSS Score: 6.5
Published: 2026-03-09
GHSA-PJVX-RX66-R3FG is a moderate severity authorization expansion vulnerability in the OpenClaw AI agent framework. It arises from improper account scoping when writing to the persistent pairing store via the /allowlist command, allowing sub-account users to elevate their privileges to the default account scope.
TL;DR
Improper account scoping in OpenClaw's /allowlist command allows an authenticated sub-account user to write global authorization entries, escalating privileges to the framework's primary default account.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-285, CWE-668
- Attack Vector: Network
- CVSS Score: 6.5 (Moderate)
- Impact: High Integrity
- Exploit Status: Proof of Concept
- KEV Status: Not Listed
Affected Systems
- OpenClaw AI agent framework
- OpenClaw: < 2026.3.7 (Fixed in: 2026.3.7)
Code Analysis
Commit: 70da80b
Fix cross-account sender authorization expansion in /allowlist command
Mitigation Strategies
- Upgrade OpenClaw framework to the patched version
- Manually edit JSON credential files to enforce scoping
- Restrict permissions for the /allowlist command
Remediation Steps:
- Update the OpenClaw installation to v2026.3.7 or later.
- Inspect the ~/.openclaw/credentials/*.json files on the host filesystem.
- Identify any authorization entries that lack the accountId key.
- Delete the unscoped entries or manually append the correct accountId to each.
- Restart the OpenClaw service to ensure the new configuration is loaded.
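The inspect-identify-fix steps above can be scripted so the audit is repeatable across hosts. The helper below is an added example, not code from the advisory or from the OpenClaw project. It assumes (the advisory does not state the file layout) that each credentials file is a JSON array of authorization-entry objects and that the account scope lives in an "accountId" string field; the "sender" field in the constructed sample data is likewise a hypothetical name. It goes one step beyond the advisory's wording by treating an empty or null accountId as unscoped, since such a value would not constrain scope either.

```python
"""Audit helper for unscoped OpenClaw allowlist entries (added example).

Assumed layout (not confirmed by the advisory): each file under
~/.openclaw/credentials/*.json holds a JSON array of entry objects, and the
account scope is the string field "accountId". Adapt load/save if your
deployment stores entries differently.
"""
import glob
import json
import os
from typing import Dict, List

# Path named in the advisory's remediation steps.
CREDENTIAL_GLOB = os.path.expanduser("~/.openclaw/credentials/*.json")


def is_unscoped(entry: Dict) -> bool:
    """True when an entry carries no usable account scope.

    A missing "accountId" key is what the advisory describes; an empty or
    null value is treated the same way here (assumption) because it would
    not restrict the entry to one account.
    """
    value = entry.get("accountId")
    return not isinstance(value, str) or value.strip() == ""


def find_unscoped(entries: List[Dict]) -> List[Dict]:
    """Return the entries that need attention (missing or empty accountId)."""
    return [e for e in entries if isinstance(e, dict) and is_unscoped(e)]


def scope_entries(entries: List[Dict], account_id: str, drop: bool = False) -> List[Dict]:
    """Return a new list in which unscoped entries are either dropped or
    rewritten with the given account_id. Scoped entries pass through as-is."""
    fixed = []
    for entry in entries:
        if is_unscoped(entry):
            if drop:
                continue  # "delete the unscoped entries" branch
            entry = {**entry, "accountId": account_id}  # "append the correct accountId" branch
        fixed.append(entry)
    return fixed


def audit_file(path: str, account_id: str = "", drop: bool = False, write: bool = False) -> List[Dict]:
    """Load one credentials file, report its unscoped entries and optionally fix it.

    With write=False (the default) nothing on disk changes, so the first pass
    can be a dry run. Writes go through a temp file and os.replace so an
    interrupted run never leaves a half-written credentials file.
    """
    with open(path, encoding="utf-8") as fh:
        entries = json.load(fh)
    if not isinstance(entries, list):
        raise ValueError(f"{path}: expected a JSON array of entries (assumed layout)")
    unscoped = find_unscoped(entries)
    if write and unscoped:
        if not drop and not account_id:
            raise ValueError("account_id is required when appending scope")
        tmp = path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(scope_entries(entries, account_id, drop=drop), fh, indent=2)
        os.replace(tmp, path)
    return unscoped


# Constructed sample data (not real OpenClaw entries): two properly scoped
# entries, one missing the key entirely, one with an empty value.
SAMPLE_ENTRIES = [
    {"sender": "alice@example.test", "accountId": "acct-sub-1"},
    {"sender": "bob@example.test"},
    {"sender": "carol@example.test", "accountId": ""},
    {"sender": "dave@example.test", "accountId": "acct-sub-2"},
]


if __name__ == "__main__":
    # Dry run over the real credential directory; prints what would change.
    for path in glob.glob(CREDENTIAL_GLOB):
        for entry in audit_file(path):
            print(f"{path}: unscoped entry {entry}")
```

Run it once without arguments to get a dry-run listing, then call `audit_file(path, account_id="<the intended account>", write=True)` or `audit_file(path, drop=True, write=True)` per file, and restart the service as the last step says; keep a backup of the directory before the write pass.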
References
- GitHub Advisory: GHSA-PJVX-RX66-R3FG
- Fix Commit: 70da80bcb5574a10925469048d2ebb2abf882e73
- OpenClaw Release 2026.3.7
- OpenClaw Documentation (Security)