CVE-2026-41908: Scope Enforcement Bypass in OpenClaw Assistant Media Route
Vulnerability ID: GHSA-V8QF-FR4G-28P2
CVSS Score: 4.3
Published: 2026-04-25
OpenClaw versions prior to 2026.4.20 contain a medium-severity authorization bypass vulnerability in the assistant-media gateway route. When configured behind a trusted proxy, the application fails to validate operator scopes, allowing authenticated users with unrelated privileges to access sensitive media files.
TL;DR
An incorrect authorization vulnerability in OpenClaw's proxy authentication mode allows authenticated users to bypass scope restrictions and read arbitrary assistant media files. The issue is fixed in version 2026.4.20.
⚠️ Exploit Status: PoC
Technical Details
- CWE ID: CWE-863
- Attack Vector: Network
- CVSS v3.1 Score: 4.3
- EPSS Score: 0.00025
- Impact: Confidentiality
- Exploit Status: PoC
- CISA KEV: False
Affected Systems
- OpenClaw Gateway: < 2026.4.20 (Fixed in: 2026.4.20)
Code Analysis
Commit: 99ef3a6
Security patch implementing scope enforcement for proxy-authenticated requests on the assistant-media route
Mitigation Strategies
- Software Update
- Proxy Configuration Modification
- WAF Rule Deployment
Remediation Steps:
- Verify the current running version of the OpenClaw gateway.
- Pull the updated Docker image or source code for OpenClaw version 2026.4.20.
- Deploy the updated gateway in a staging environment to verify stability and integration with the upstream proxy.
- Roll out the patched version to production systems.
- If patching is delayed, update NGINX/proxy configurations to restrict the /__openclaw__/assistant-media route to identities holding the operator.read scope.
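The following is an added illustration, not code from OpenClaw or from the fix commit. It models the CWE-863 pattern the advisory describes (a proxy-asserted identity accepted on the assistant-media route without checking the caller's scopes) next to a gate that enforces the operator.read scope regardless of how the identity was established, which is what both the patch and the interim proxy-level restriction aim for. The request shape, the proxy header names (x-proxy-user, x-proxy-scopes) and the sample requests are constructed for this example; only the route path and the scope name come from the advisory.

```javascript
// Added example (not OpenClaw's code): a minimal scope gate for a proxy-authenticated
// media route, showing the CWE-863 pattern and its fix side by side.
// Header names, request shape and sample requests are constructed for this example.

const ASSISTANT_MEDIA_PREFIX = "/__openclaw__/assistant-media"; // route named in the advisory
const REQUIRED_SCOPE = "operator.read";                          // scope named in the advisory

// Hypothetical header names a trusted reverse proxy might set after authenticating the caller.
const PROXY_USER_HEADER = "x-proxy-user";
const PROXY_SCOPES_HEADER = "x-proxy-scopes";

// Build the identity the gateway sees in proxy-auth mode: subject and scopes are taken from
// headers the trusted proxy is assumed to have set (and to have stripped from client input).
function identityFromProxyHeaders(headers) {
  const subject = headers[PROXY_USER_HEADER] || null;
  const raw = headers[PROXY_SCOPES_HEADER] || "";
  const scopes = raw.split(",").map((s) => s.trim()).filter(Boolean);
  return { mode: "proxy", subject, scopes };
}

function isMediaRoute(path) {
  return path === ASSISTANT_MEDIA_PREFIX || path.startsWith(ASSISTANT_MEDIA_PREFIX + "/");
}

// Vulnerable gate: in proxy mode a proxy-asserted identity is treated as sufficient on its own.
function authorizeVulnerable(req) {
  if (!isMediaRoute(req.path)) return { allowed: true, reason: "not a media route" };
  if (!req.auth.subject) return { allowed: false, reason: "unauthenticated" };
  if (req.auth.mode === "proxy") {
    // CWE-863: the caller's scopes are never consulted on this branch.
    return { allowed: true, reason: "proxy identity accepted without scope check" };
  }
  return req.auth.scopes.includes(REQUIRED_SCOPE)
    ? { allowed: true, reason: "scope present" }
    : { allowed: false, reason: "missing " + REQUIRED_SCOPE };
}

// Fixed gate: the scope requirement applies regardless of how the identity was established.
function authorizeFixed(req) {
  if (!isMediaRoute(req.path)) return { allowed: true, reason: "not a media route" };
  if (!req.auth.subject) return { allowed: false, reason: "unauthenticated" };
  if (!req.auth.scopes.includes(REQUIRED_SCOPE)) {
    return { allowed: false, reason: "missing " + REQUIRED_SCOPE };
  }
  return { allowed: true, reason: "scope present" };
}

// Defender's view: given a batch of requests, list those the old gate would have let
// through but the patched gate rejects. Useful when reviewing proxy access logs after patching.
function overPermissiveDecisions(requests) {
  return requests.filter((r) => authorizeVulnerable(r).allowed && !authorizeFixed(r).allowed);
}

// Constructed sample requests (not captured traffic).
function sampleRequests() {
  const mk = (path, user, scopes) => ({
    path,
    auth: identityFromProxyHeaders({ [PROXY_USER_HEADER]: user, [PROXY_SCOPES_HEADER]: scopes }),
  });
  return [
    mk(ASSISTANT_MEDIA_PREFIX + "/abc123.png", "alice", "operator.read"), // holds the required scope
    mk(ASSISTANT_MEDIA_PREFIX + "/abc123.png", "bob", "chat.write"),      // authenticated, unrelated privilege
    mk(ASSISTANT_MEDIA_PREFIX + "/abc123.png", "", ""),                   // no proxy-asserted identity
    mk("/__openclaw__/health", "bob", "chat.write"),                      // not a media route
  ];
}

// Stand-alone run: prints each request's outcome under both gates.
for (const r of sampleRequests()) {
  console.log(r.path, r.auth.subject, "vulnerable:", authorizeVulnerable(r).allowed, "fixed:", authorizeFixed(r).allowed);
}
```

The design point is that the scope check sits on a single path that every authentication mode reaches, rather than in a branch that proxy mode can skip; the same rule, applied at the proxy (allow the route only when the asserted identity carries operator.read), is the interim mitigation listed above.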
References
- GitHub Advisory: GHSA-v8qf-fr4g-28p2
- OpenClaw Fix Commit
- VulnCheck Advisory
- NVD Vulnerability Detail