GHSA-VMHQ-CQM9-6P7Q: Privilege Escalation via Incorrect Authorization in OpenClaw Gateway
Vulnerability ID: GHSA-VMHQ-CQM9-6P7Q
CVSS Score: 7.1
Published: 2026-03-13
A high-severity authorization bypass vulnerability exists in the OpenClaw AI assistant platform. It permits users with write-scoped permissions to interact with restricted administrative endpoints. This flaw enables attackers to modify or delete persistent browser profiles, hijacking browser infrastructure via malicious Chrome DevTools Protocol (CDP) URLs.
TL;DR
OpenClaw prior to version 2026.3.11 fails to restrict access to internal browser profile management routes. Authenticated users with operator.write scope can create or delete persistent browser profiles, enabling infrastructure hijacking.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-863
- Attack Vector: Network
- CVSS Base Score: 7.1
- Privileges Required: Low (operator.write)
- Integrity Impact: High
- Exploit Status: Proof of Concept
Affected Systems
- OpenClaw: < 2026.3.11 (Fixed in: 2026.3.11)
Mitigation Strategies
- Upgrade OpenClaw deployment to version 2026.3.11 or higher.
- Audit existing persistent browser profiles for unauthorized CDP URLs.
- Implement principle of least privilege for operator and subagent accounts.
Remediation Steps:
- Verify the currently installed version of the OpenClaw package.
- Pull the latest container image or update the npm package to 2026.3.11.
- Restart the OpenClaw gateway service.
- Review the internal registry logs for any historical anomalous requests to /profiles/create or /profiles/:name.
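As an added defensive check (example code written for this note, not OpenClaw's own), the script below flags mutating requests to the profile routes named above that were not made with an admin scope, and inspects stored profile records for CDP URLs that point outside the local host. The access-log format, the 'operator.admin' scope name, the profile record fields and the host allowlist are assumptions.

```javascript
// Added example, not OpenClaw's own code. Assumed: log lines read
// "<timestamp> <scope> <method> <path>" and the admin scope is 'operator.admin'.
const SAMPLE_LOG = [  // constructed, not real gateway output
  '2026-03-12T10:00:01Z operator.admin POST /profiles/create',
  '2026-03-12T10:05:17Z operator.write POST /profiles/create',
  '2026-03-12T10:06:02Z operator.write DELETE /profiles/research-bot',
  '2026-03-12T10:07:45Z operator.read GET /profiles/research-bot',
  '2026-03-12T10:09:30Z operator.write GET /status',
];
// Covers both routes the advisory names: /profiles/create and /profiles/:name.
const PROFILE_ROUTE = /^\/profiles\/[^/]+$/;
const MUTATING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);
// Mutating profile requests that did not carry the admin scope. With the fix
// applied these are rejected, so any historical hit warrants investigation.
function findAnomalousProfileRequests(lines, adminScope = 'operator.admin') {
  const hits = [];
  for (const line of lines) {
    const [ts, scope, method, path] = line.trim().split(/\s+/);
    if (!path || !PROFILE_ROUTE.test(path)) continue;
    if (!MUTATING.has(method) || scope === adminScope) continue;
    hits.push({ ts, scope, method, path });
  }
  return hits;
}

const SAMPLE_PROFILES = [  // constructed records; the field names are assumed
  { name: 'default', cdpUrl: 'ws://127.0.0.1:9222/devtools/browser/a1' },
  { name: 'research-bot', cdpUrl: 'ws://203.0.113.7:9222/devtools/browser/b2' },
  { name: 'broken', cdpUrl: 'not a url' },
];

// Profiles whose CDP URL is unparsable, not a WebSocket URL, or points at a
// host outside the allowlist, which is what a hijacked profile would look like.
function findUnauthorizedCdpUrls(profiles, allowedHosts = ['127.0.0.1', 'localhost']) {
  const flagged = [];
  for (const p of profiles) {
    let reason = null;
    try {
      const u = new URL(p.cdpUrl);
      if (!/^wss?:$/.test(u.protocol)) reason = `unexpected scheme ${u.protocol}`;
      else if (!allowedHosts.includes(u.hostname)) reason = `host ${u.hostname} not allowlisted`;
    } catch {
      reason = 'unparsable CDP URL';
    }
    if (reason) flagged.push({ name: p.name, cdpUrl: p.cdpUrl, reason });
  }
  return flagged;
}
console.log(findAnomalousProfileRequests(SAMPLE_LOG), findUnauthorizedCdpUrls(SAMPLE_PROFILES));
```

Point the log reader at real gateway access logs and the profile reader at the gateway's persisted profile store to run it against a live deployment.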
References
Read the full report for GHSA-VMHQ-CQM9-6P7Q on our website for more details including interactive diagrams and full exploit analysis.