OpenClaw WebSocket Authorization Bypass Vulnerability Allowing Scope Elevation

Vulnerability

An authorization bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.12. The issue lies in the WebSocket connection process: connections authenticated with a shared token or password can self-declare elevated scopes, and the server does not validate those declarations. A client exploiting this flaw could present scopes it was never granted, such as 'operator.admin', and execute admin-only operations within the gateway.

Impact

Exploitation of this vulnerability could enable a shared-secret-authenticated backend client to perform administrative tasks on the gateway, bypassing intended authorization controls.

Remediation

Users should upgrade to OpenClaw version 2026.3.12 or later, where this vulnerability has been fixed. The updated version clears unbound scopes for non-Control-UI shared-auth connections, and regression tests have been added to cover this authentication path.
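The scope-resolution pattern behind the Vulnerability and Remediation sections above, as an added illustration that is not OpenClaw's code (every type and function name, and the default scope set, is hypothetical): the vulnerable handler trusts the client's self-declared scopes, while the hardened one clears unbound scopes for non-Control-UI shared-secret connections, which is the behaviour the 2026.3.12 fix is described as adding.

```typescript
// Added illustration of the advisory's bug; NOT OpenClaw's code.
// Every name below (Scope, ConnectRequest, resolveScopes*) is hypothetical.

type Scope = "operator.read" | "operator.write" | "operator.admin";

interface ConnectRequest {
  // how the connection authenticated: a gateway-wide shared token or
  // password, or a per-device credential with scopes bound server-side
  auth: { kind: "shared-token" | "password" | "device"; boundScopes?: Scope[] };
  // true only for the gateway's own Control UI connection
  controlUi: boolean;
  // scopes the client *claims* in its connect/hello message
  requestedScopes: Scope[];
}

// Baseline a shared secret may grant (assumed); admin is deliberately absent.
const DEFAULT_SHARED_SCOPES: Scope[] = ["operator.read", "operator.write"];

// Vulnerable pattern: the client's self-declared scopes are trusted verbatim,
// so any shared-token backend can simply ask for "operator.admin".
function resolveScopesVulnerable(req: ConnectRequest): Scope[] {
  return req.requestedScopes;
}

// Hardened pattern: scopes not bound to the credential are cleared.
function resolveScopesFixed(req: ConnectRequest): Scope[] {
  const sharedAuth = req.auth.kind === "shared-token" || req.auth.kind === "password";
  if (sharedAuth) {
    // the Control UI path is assumed unchanged by the fix; every other
    // shared-secret client is capped at the default set, whatever it claimed
    if (req.controlUi) return req.requestedScopes;
    return req.requestedScopes.filter((s) => DEFAULT_SHARED_SCOPES.includes(s));
  }
  // per-device credential: intersect the claim with the server-side binding
  const bound = new Set<Scope>(req.auth.boundScopes ?? []);
  return req.requestedScopes.filter((s) => bound.has(s));
}

// Gate used by admin-only gateway operations.
function isAdminAllowed(scopes: Scope[]): boolean {
  return scopes.includes("operator.admin");
}

// Constructed sample: a backend client that authenticated with the shared
// token and self-declares the admin scope in its connect message.
const sharedBackend: ConnectRequest = {
  auth: { kind: "shared-token" },
  controlUi: false,
  requestedScopes: ["operator.read", "operator.admin"],
};
console.log("vulnerable grants admin:", isAdminAllowed(resolveScopesVulnerable(sharedBackend)));
console.log("fixed grants admin:", isAdminAllowed(resolveScopesFixed(sharedBackend)));
```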

Added: Mar 20, 2026, 3:19 PM
Updated: Mar 20, 2026, 3:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.8
remediation: 0.0
relevance: 4.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.