Main Vulnerability Database Vulnerabilities #VU125207

Incorrect authorization in OpenClaw - #VU125207

Published: April 8, 2026

Vulnerability identifier: #VU125207

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-863

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: OpenClaw

Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to bypass DM policy restrictions and send verification notices to unpaired peers.

The vulnerability exists due to incorrect authorization in matrix verification notices when sending verification notices in direct messages. A remote user can send a verification notice to a peer outside the allowed DM policy to bypass DM policy restrictions and send verification notices to unpaired peers.

Remediation

Install security update from vendor's website.

Sources

https://github.com/openclaw/openclaw/security/advisories/GHSA-9wqx-g2cw-vc7r

Incorrect authorization in OpenClaw - #VU125207

Detailed vulnerability description

Remediation

Sources

Please verify you're human