Incorrect authorization in OpenClaw - #VU132736


Published: May 29, 2026


Vulnerability identifier: #VU132736
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-863
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists due to improper access control in exported QQBot admin commands when command invocations arrive through QQBot. A remote user can invoke an exported admin command from a sender or context that should have been blocked, and thereby bypass the authorization checks.

Only configurations with the affected feature enabled and reachable are vulnerable.


Remediation

Install the security update from the vendor's website.

Sources