Improper access control in OpenClaw - #VU132741
Published: May 29, 2026


Vulnerability identifier: #VU132741
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to bypass configured sender restrictions for command handling.

The vulnerability exists due to improper access control in QQBot's pre-dispatch slash command handling. A remote user can send a slash command from a sender that the allowFrom policy should have blocked, bypassing the configured sender restrictions for command handling.

Only deployments with the affected feature enabled and reachable are vulnerable.
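The access-control ordering the advisory describes, as an added illustration that is not OpenClaw's code: a flawed handler that dispatches slash commands before consulting the sender policy, beside a corrected handler that applies the sender policy to every inbound message first. The names `allowFrom`, `handleMessageFlawed`, `handleMessageFixed`, the message shape and the sender ids are all hypothetical and constructed for this example.

```typescript
// Added example (not OpenClaw's code). Models the pre-dispatch ordering bug the
// advisory describes; `allowFrom` and all sender ids are hypothetical.

type Message = { senderId: string; text: string };
type Policy = { allowFrom: string[] };          // assumption: empty list allows nobody
type Outcome = { handled: "command" | "chat" | "blocked"; reply?: string };

function isSlashCommand(text: string): boolean {
  return text.charAt(0) === "/";
}

function isAllowedSender(policy: Policy, senderId: string): boolean {
  return policy.allowFrom.indexOf(senderId) !== -1;
}

// Flawed ordering: slash commands are dispatched before the allowFrom check,
// so the sender policy only ever protects ordinary chat messages.
function handleMessageFlawed(policy: Policy, msg: Message): Outcome {
  if (isSlashCommand(msg.text)) {
    return { handled: "command", reply: "ran " + msg.text.split(" ")[0] };
  }
  if (!isAllowedSender(policy, msg.senderId)) {
    return { handled: "blocked" };
  }
  return { handled: "chat" };
}

// Corrected ordering: the sender policy is the first gate for every inbound
// message, regardless of whether it will later be treated as a command.
function handleMessageFixed(policy: Policy, msg: Message): Outcome {
  if (!isAllowedSender(policy, msg.senderId)) {
    return { handled: "blocked" };
  }
  if (isSlashCommand(msg.text)) {
    return { handled: "command", reply: "ran " + msg.text.split(" ")[0] };
  }
  return { handled: "chat" };
}

// Constructed sample: one listed operator and one unlisted sender.
const samplePolicy: Policy = { allowFrom: ["operator-1"] };
const sampleMessages: Message[] = [
  { senderId: "operator-1", text: "/status" },
  { senderId: "stranger-9", text: "/status" },
  { senderId: "stranger-9", text: "hello" },
];

// Count how many messages from unlisted senders reached command dispatch
// under a given handler; a non-zero result is the policy bypass.
function countBypasses(handler: (p: Policy, m: Message) => Outcome): number {
  return sampleMessages.filter(
    (m) =>
      !isAllowedSender(samplePolicy, m.senderId) &&
      handler(samplePolicy, m).handled === "command",
  ).length;
}

console.log("flawed handler bypasses:", countBypasses(handleMessageFlawed)); // 1
console.log("fixed handler bypasses:", countBypasses(handleMessageFixed));   // 0
```

The defensive takeaway is that a sender allow-list must sit in front of every code path that acts on a message, including any fast path that recognises commands before normal dispatch; `countBypasses` gives a quick regression check for that ordering.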


Remediation

Install the security update from the vendor's website.

Sources