SB2026052915 - Multiple vulnerabilities in OpenClaw
Published: May 29, 2026
Description
This security bulletin contains information about 8 vulnerabilities.
1) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass owner-only command restrictions.
The vulnerability exists due to improper access control in native command authorization. A remote user who can reach native command handling can invoke commands that are meant to be restricted to the owner.
Exploitation is possible only when the affected feature is enabled and reachable, and practical impact depends on whether lower-trust input can reach that path.
2) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass Telegram sender allowlist restrictions.
The vulnerability exists due to improper access control in Telegram interactive callbacks: a callback invocation is processed before the commands.allowFrom sender allowlist is applied. A remote user who is not on the allowlist can invoke an affected callback and bypass the Telegram sender allowlist restrictions.
Only configurations with the affected Telegram interactive callback feature enabled and reachable are vulnerable.
3) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to modify global configuration.
The vulnerability exists due to improper access control in Active Memory write scope handling for Gateway command requests. A remote user holding operator.write access can invoke the affected command and modify global configuration rather than only the intended write scope.
Only deployments where the affected feature is enabled and reachable are vulnerable.
4) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass hook-based auditing or policy checks.
The vulnerability exists due to improper access control in the skill-command dispatch path: skill commands dispatched through the affected feature do not pass through the hooks that implement auditing and policy checks. A remote user can invoke a skill command through that path and bypass hook-based auditing or policy checks.
Only instances where the affected feature is enabled and reachable are vulnerable.
5) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass an approval step and apply a workshop change.
The vulnerability exists due to improper access control in the Skill Workshop apply flow: an agent tool call that reaches the apply path is not gated by the approval step. A remote attacker can trigger the affected apply path and apply a workshop change without approval.
Only instances with the affected feature enabled and reachable are vulnerable, and user interaction is required.
6) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to modify sender-agent binding state beyond the intended policy.
The vulnerability exists due to improper access control in Feishu dynamic-agent bindings: with dynamic-agent binding behavior enabled, create and update binding operations do not honor the configured config-write control. A remote user can create or update bindings and modify sender-agent binding state beyond what the configured policy allows.
Only instances with the affected feature enabled and reachable are vulnerable.
7) Input validation error (CVE-ID: N/A)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a local user to execute shell content outside the intended allowlist check.
The vulnerability exists due to improper input validation in the macOS Swift exec allowlist logic: the check does not cover shell content passed through combined POSIX inline-command flags in a command request. A local user can send a specially crafted command request and execute shell content that the allowlist check never inspects.
Only instances where the affected feature is enabled and reachable are vulnerable. User interaction is required.
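The mechanism behind item 7, shown as an added example in TypeScript (this is not OpenClaw's code and not its Swift implementation; the shell names, the allowlisted commands, and the set of options that consume a following argument are assumptions made for illustration). The weak check only recognizes a standalone "-c" token, so a request such as sh -ec '...' is classified as having no inline command and passes through. The hardened version applies the POSIX option grammar the shell itself uses (clustered short options, -o name consuming an argument, "--" ending the option list, the first operand being the command string once -c was seen) and fails closed on anything it cannot inspect.

```typescript
// Added illustration, not OpenClaw's code. The shell names, the allowlisted
// commands and the set of options that take an argument are assumptions.
const SHELL_BINARIES = new Set(["sh", "bash", "zsh", "dash"]);
const ALLOWED_COMMANDS = new Set(["ls", "cat", "git", "echo"]);
// Short options that consume the following argument (sh -o name, bash -O shopt).
const OPTIONS_WITH_ARGUMENT = new Set(["o", "O"]);

type ShellInvocation =
  | { kind: "inline"; command: string }   // sh -c 'command string'
  | { kind: "script"; path: string }      // sh script.sh
  | { kind: "stdin" };                    // sh, or sh -

function basename(path: string): string {
  const parts = path.split("/");
  return parts[parts.length - 1] || path;
}

function firstWord(command: string): string {
  return command.trim().split(/\s+/)[0] ?? "";
}

// Flawed pattern: only a standalone "-c" token counts as the inline-command
// flag, so "sh -ec '...'" is classified as having no inline command and passes.
function weakAllowlistCheck(argv: string[]): boolean {
  const bin = basename(argv[0] ?? "");
  if (!SHELL_BINARIES.has(bin)) return ALLOWED_COMMANDS.has(bin);
  const i = argv.indexOf("-c");
  if (i === -1 || i + 1 >= argv.length) return true; // "nothing inline to inspect"
  return ALLOWED_COMMANDS.has(firstWord(argv[i + 1]));
}

// Parse argv the way the shell does: short options may be clustered
// ("-ec" is "-e -c"), "-o name" consumes the next argument, "--" ends the
// option list, and when "-c" was seen the first operand is the command string.
function parseShellInvocation(argv: string[]): ShellInvocation {
  let inline = false;
  let i = 1;
  for (; i < argv.length; i++) {
    const arg = argv[i] ?? "";
    if (arg === "--") { i++; break; }
    if (arg === "-" || !(arg.startsWith("-") || arg.startsWith("+"))) break; // first operand
    if (arg.startsWith("--")) continue; // long option such as --login
    const letters = arg.slice(1);
    for (let k = 0; k < letters.length; k++) {
      const opt = letters.charAt(k);
      if (opt === "c") inline = true;
      if (OPTIONS_WITH_ARGUMENT.has(opt)) {
        if (k === letters.length - 1) i++; // the argument is the next argv entry
        break;                              // otherwise the rest of the cluster is it
      }
    }
  }
  if (i >= argv.length) return { kind: "stdin" };
  const operand = argv[i] ?? "";
  if (inline) return { kind: "inline", command: operand };
  return operand === "-" ? { kind: "stdin" } : { kind: "script", path: operand };
}

// Hardened check: classify with the real option grammar and fail closed on
// anything that is not an inline command whose first word is allowlisted.
function hardenedAllowlistCheck(argv: string[]): boolean {
  const bin = basename(argv[0] ?? "");
  if (!SHELL_BINARIES.has(bin)) return ALLOWED_COMMANDS.has(bin);
  const inv = parseShellInvocation(argv);
  if (inv.kind !== "inline") return false; // script files and stdin cannot be inspected here
  // Control operators and expansions would run commands the first-word check never sees.
  if (/[;&|`$(){}<>\n]/.test(inv.command)) return false;
  return ALLOWED_COMMANDS.has(firstWord(inv.command));
}
```

The rejection of control operators is deliberately coarse: a first-word allowlist is only meaningful if the string cannot chain a second command, and a full shell grammar is out of scope for an exec gate.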
8) Improper access control (CVE-ID: N/A)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to bypass channel policy checks.
The vulnerability exists due to improper access control in Mattermost handlers: an event that arrives without channel type metadata is processed without the channel policy checks that depend on that type. A remote user can send a specially crafted event and bypass channel policy checks.
Only instances with the affected feature enabled and reachable are vulnerable.
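Items 2 and 8 share one fix pattern, shown here as an added TypeScript example (not OpenClaw's code; the event and policy shapes, the channel type names, the sample identifiers, and the rule that a sender must appear in commands.allowFrom are assumptions made for illustration). The weak gate dispatches interactive callbacks before consulting the sender allowlist, and substitutes the most permissive channel type when the metadata is missing. The hardened gate runs the allowlist first for every kind of invocation and denies events whose channel metadata is absent or unrecognized instead of defaulting it.

```typescript
// Added illustration, not OpenClaw's code. Event and policy shapes are
// assumptions; commands.allowFrom is the setting named in the bulletin.
type ChannelType = "direct" | "private" | "public";

interface InboundEvent {
  platform: "telegram" | "mattermost";
  senderId: string;
  kind: "message" | "callback";  // callback: button press on an interactive message
  channelType?: string;          // raw wire value; may be absent or unexpected
  payload: string;               // command text or callback data
}

interface Policy {
  commands: { allowFrom: string[] };                    // sender allowlist (assumed mandatory)
  channels: Record<ChannelType, { commands: boolean }>; // where commands may run
}

type Decision = { allowed: true } | { allowed: false; reason: string };

function deny(reason: string): Decision {
  return { allowed: false, reason };
}

function isChannelType(value: string): value is ChannelType {
  return value === "direct" || value === "private" || value === "public";
}

// Flawed gate: callbacks are dispatched before the sender allowlist is consulted
// (item 2), and a missing channel type defaults to the most permissive one (item 8).
function weakGate(ev: InboundEvent, policy: Policy): Decision {
  if (ev.kind === "callback") return { allowed: true };
  const raw = ev.channelType ?? "direct";
  const channelType: ChannelType = isChannelType(raw) ? raw : "direct";
  if (!policy.channels[channelType].commands) return deny(`commands disabled in ${channelType} channel`);
  if (!policy.commands.allowFrom.includes(ev.senderId)) return deny("sender not in commands.allowFrom");
  return { allowed: true };
}

// Hardened gate: the sender allowlist runs first for every invocation kind, and
// missing or unrecognized channel metadata is rejected instead of defaulted.
function hardenedGate(ev: InboundEvent, policy: Policy): Decision {
  if (!policy.commands.allowFrom.includes(ev.senderId)) return deny("sender not in commands.allowFrom");
  if (ev.channelType === undefined) return deny("event lacks channel type metadata");
  if (!isChannelType(ev.channelType)) return deny(`unrecognized channel type ${ev.channelType}`);
  if (!policy.channels[ev.channelType].commands) return deny(`commands disabled in ${ev.channelType} channel`);
  return { allowed: true };
}

// Constructed sample policy and events (not captured from a real deployment).
const SAMPLE_POLICY: Policy = {
  commands: { allowFrom: ["user-owner"] },
  channels: { direct: { commands: true }, private: { commands: true }, public: { commands: false } },
};

const CALLBACK_FROM_STRANGER: InboundEvent = {
  platform: "telegram", senderId: "user-stranger", kind: "callback", channelType: "direct", payload: "approve:42",
};

const MESSAGE_WITHOUT_CHANNEL_TYPE: InboundEvent = {
  platform: "mattermost", senderId: "user-owner", kind: "message", payload: "/restart",
};

const OWNER_DIRECT_MESSAGE: InboundEvent = {
  platform: "telegram", senderId: "user-owner", kind: "message", channelType: "direct", payload: "/status",
};
```

Ordering is the point for item 2: any code path that can act on a sender's input, callbacks included, has to sit behind the same allowlist as plain messages. For item 8 the point is the default: a channel type that the handler did not receive is not evidence of a direct message, and treating it as one turns a transport hiccup or a crafted event into a policy bypass.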
Remediation
Install the update from the vendor's website.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-p73f-w79w-jqr5
- https://github.com/openclaw/openclaw/security/advisories/GHSA-w5ww-7chg-mxcq
- https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw
- https://github.com/openclaw/openclaw/security/advisories/GHSA-68xw-r643-9p5w
- https://github.com/openclaw/openclaw/security/advisories/GHSA-cqwv-9qjx-vxw2
- https://github.com/openclaw/openclaw/security/advisories/GHSA-3wqp-prf6-2m72
- https://github.com/openclaw/openclaw/security/advisories/GHSA-c226-q6fx-6j6c
- https://github.com/openclaw/openclaw/security/advisories/GHSA-gp79-m99v-gjmh