Incorrect authorization in OpenClaw - #VU135872
Published: June 30, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to execute or persist actions beyond the caller's intended authorization.
The vulnerability exists due to incorrect authorization in the flock wrapper when the affected feature is enabled and reachable. A remote user can invoke a lower-trust caller or configured input path to execute or persist actions beyond the caller's intended authorization.
This issue is limited to the named feature and configuration.