Incorrect authorization in OpenClaw - #VU132703

 


Published: May 29, 2026


Vulnerability identifier: #VU132703
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-863
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software: OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to bypass authorization controls and disclose, modify, or disrupt exec lifecycle handling.

The vulnerability exists due to improper access control in the node event boundary when processing crafted node.event messages for exec lifecycle events. A remote privileged user can send a specially crafted node.event message to bypass authorization controls and disclose, modify, or disrupt exec lifecycle handling.

Exploitation requires control of a paired node connection, and the target agent or session must be able to process exec lifecycle events.


Remediation

Install the security update from the vendor's website.
