Improper access control in OpenClaw - #VU132725
Published: May 29, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to modify global configuration.
The vulnerability exists due to improper access control in Active Memory write scope handling when processing Gateway command requests. A remote user with operator.write access can invoke the affected command to modify global configuration.
Only deployments where the affected feature is enabled and reachable are vulnerable.