DEV Community

CVE Reports

Posted on • Originally published at cvereports.com


GHSA-r7vr-gr74-94p8: Improper Authorization and Privilege Escalation in OpenClaw

Vulnerability ID: GHSA-R7VR-GR74-94P8
CVSS Score: 8.8
Published: 2026-03-13

OpenClaw versions prior to v2026.3.12 contain an improper authorization vulnerability in the command dispatcher logic. A missing ownership validation check allows any user on the general allowlist to execute highly sensitive administrative commands. This flaw exposes the bot configuration and debug surfaces, leading to potential information disclosure and service disruption.

TL;DR

A missing authorization gate in OpenClaw allows standard authorized users to bypass access controls and execute administrative commands like /config and /debug. Upgrading to v2026.3.12 mitigates the issue by enforcing strict owner validation checks.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-285, CWE-863
  • Attack Vector: Network
  • CVSS Score: 8.8
  • Impact: Privilege Escalation, Information Disclosure
  • Exploit Status: Proof-of-Concept
  • KEV Status: Not Listed

Affected Systems

  • OpenClaw: < v2026.3.12 (Fixed in: v2026.3.12)

Code Analysis

Commit: 08aa57a

Introduce rejectNonOwnerCommand gate and apply to config and debug handlers
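To make the described gap concrete, here is an added example (not OpenClaw's code and not taken from the commit above) of a bot command dispatcher that checks only the general allowlist, beside one that adds an owner gate in front of /config and /debug. Only the gate name rejectNonOwnerCommand and the log text "Ignoring /config from non-owner sender" come from the advisory; the allowlist, owner set, handler table, the dispatchVulnerable and dispatchFixed functions and the sender ids are assumptions for this example.

```javascript
// Added example (not OpenClaw's code). Only `rejectNonOwnerCommand` and the
// "Ignoring /config from non-owner sender" log text come from the advisory;
// everything else here (allowlist, ownerIds, handlers, dispatch functions,
// sender ids) is a constructed assumption.

// Constructed access-control state.
const allowlist = new Set(['alice', 'bob', 'carol']); // may talk to the bot
const ownerIds = new Set(['alice']);                   // may administer it

// Commands that expose configuration or debug surfaces.
const OWNER_ONLY = new Set(['/config', '/debug']);

// Collected log lines so callers can inspect what was logged.
const logLines = [];
function log(msg) { logLines.push(msg); }

function parseCommand(text) {
  const [name, ...args] = text.trim().split(/\s+/);
  return { name, args };
}

// Handlers return a string describing the outcome; a real bot would act.
const handlers = {
  '/help':   () => 'help: /help /status /config /debug',
  '/status': () => 'status: ok',
  '/config': (args) => `config: ${args.length ? 'set ' + args.join(' ') : 'dump'}`,
  '/debug':  () => 'debug: internal state dumped',
};

// Own-property lookup, so a command named after an Object.prototype member
// (e.g. "constructor") is not mistaken for a handler.
function findHandler(name) {
  return Object.prototype.hasOwnProperty.call(handlers, name) ? handlers[name] : undefined;
}

// Before the fix: the only gate is membership in the general allowlist,
// so any allowlisted sender reaches /config and /debug.
function dispatchVulnerable(sender, text) {
  if (!allowlist.has(sender)) return 'denied: not allowlisted';
  const { name, args } = parseCommand(text);
  const handler = findHandler(name);
  if (!handler) return 'unknown command';
  return handler(args);
}

// The gate the fix introduces: returns true (and logs) when a non-owner
// sends an owner-only command, so the handler is never invoked.
function rejectNonOwnerCommand(sender, name) {
  if (!OWNER_ONLY.has(name)) return false;
  if (ownerIds.has(sender)) return false;
  log(`Ignoring ${name} from non-owner sender ${sender}`);
  return true;
}

// After the fix: allowlist check first, then the owner gate.
function dispatchFixed(sender, text) {
  if (!allowlist.has(sender)) return 'denied: not allowlisted';
  const { name, args } = parseCommand(text);
  if (rejectNonOwnerCommand(sender, name)) return 'denied: owner only';
  const handler = findHandler(name);
  if (!handler) return 'unknown command';
  return handler(args);
}

// Remediation step 4 as a check: an allowlisted non-owner must be denied
// on every owner-only command.
function nonOwnerIsDenied(dispatch) {
  return [...OWNER_ONLY].every(c => dispatch('bob', c).startsWith('denied'));
}
```

The ordering matters: the allowlist check answers "may this sender talk to the bot at all", the owner gate answers "may this sender administer it", and the second question is never reached for senders who fail the first. nonOwnerIsDenied is the kind of regression check to keep in the test suite after upgrading.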

Mitigation Strategies

  • Upgrade OpenClaw instances to version v2026.3.12 or later.
  • Rotate any API keys, database credentials, or access tokens managed by the bot if exploitation is suspected.
  • Enforce strict identity-based access controls for internal message channels.

Remediation Steps:

  1. Pull the latest openclaw release from the package repository (v2026.3.12).
  2. Rebuild and deploy the bot application.
  3. Monitor application logs for the message pattern "Ignoring /config from non-owner sender".
  4. Test the configuration endpoints using a standard non-owner user account to ensure access is denied.

