Incorrect authorization in OpenClaw - #VU135884
Published: June 30, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to execute or persist actions beyond the caller's intended authorization.
The vulnerability exists due to incorrect authorization in isolated cron jobs when the affected feature is enabled and reachable. A remote user can supply lower-trust input to the isolated cron job path to execute or persist actions beyond the caller's intended authorization.
This issue is limited to the named feature and configuration.