Main Vulnerability Database Vulnerabilities #VU132767

Improper access control in OpenClaw - #VU132767

Published: May 29, 2026

Vulnerability identifier: #VU132767

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: OpenClaw

Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to modify configuration.

The vulnerability exists due to improper access control in the QQBot streaming command when handling requests to the affected command with the feature enabled and reachable. A remote user can send a request through a reachable QQBot sender path to modify configuration.

Only deployments where the affected feature is enabled and lower-trust input can reach the command are exposed.

Remediation

Install security update from vendor's website.

Sources

https://github.com/openclaw/openclaw/security/advisories/GHSA-jvm4-4j77-39p6

Improper access control in OpenClaw - #VU132767

Detailed vulnerability description

Remediation

Sources

Please verify you're human