Incorrect authorization in OpenClaw - #VU125185
Published: April 8, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to perform unauthorized queued node actions.
The vulnerability exists due to incorrect authorization in queued node action delivery when delivering previously queued actions after command policy changes. A remote user can queue an action before policy tightening and have it delivered later to perform unauthorized queued node actions.