GoClaw WebSocket Approval Endpoint Incorrect Authorization Vulnerability

Vulnerability

A vulnerability exists in GoClaw versions up to 3.13.2, specifically within the WebSocket approval endpoint. The issue arises in the 'RequestApproval' function of 'internal/tools/exec_approval.go', where the approval cache incorrectly handles 'allow-always' decisions. This flaw allows an operator to approve one BusyBox-wrapped command, which can then be exploited to execute different commands without additional approval, bypassing GoClaw's intended authorization process for executing host commands.

Impact

This vulnerability allows for a bypass of the execution approval process, enabling unauthorized commands to be executed on the host system with the same privileges as the GoClaw process. This could lead to unauthorized access to files, extraction of sensitive information such as credentials or tokens, and potentially compromise the system, depending on how GoClaw is deployed.

Reproduction

The vulnerability can be reproduced by approving a BusyBox command with 'allow-always' and then executing a different BusyBox command wrapped in the same 'sh -c' context. This can be done using the GoClaw HTTP tool invocation endpoint, which accepts commands as arguments and forwards them to be executed after the approval is evaluated.

Remediation

Users can update to GoClaw version 3.13.3 or later, where this vulnerability has been addressed.

Added: Jul 18, 2026, 2:23 PM
Updated: Jul 18, 2026, 2:23 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
10.0
exploitability
6.2
remediation
0.0
relevance
10.0
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.