OpenClaw Prototype Pollution Vulnerability via Debug Override Path

Vulnerability

OpenClaw versions before 2026.2.21 accept prototype-reserved keys in the object values passed to the runtime '/debug set' override command. An authorized caller can therefore supply keys such as '__proto__', 'constructor', or 'prototype' in an override value; instead of landing only on the intended override object, these keys reach shared object prototypes, and any property planted there is inherited by every object built from that prototype, including the objects the command gate consults. The gate's restrictions can then be bypassed. Only the runtime in-memory overrides are affected: they are not persisted and are cleared on restart or reset.

Impact

A caller who is already permitted to use '/debug set' can pollute object prototypes by injecting reserved keys, and through that pollution bypass command gate restrictions, gaining access to commands or functionality that the gate would otherwise deny. The prerequisite is existing debug-override access, so the practical effect is an escalation from that privilege to restricted commands, not remote compromise by an unauthenticated party.

Reproduction

An authorized caller issues a '/debug set' command whose override value contains a prototype-reserved key ('__proto__', 'constructor', or 'prototype') whose nested value holds the property the command gate checks. Because the override is merged without rejecting those keys, the nested property lands on the shared prototype rather than on the override object. The caller (or any other session, since the prototype is shared) can then invoke commands the gate was supposed to restrict. The injected state lasts only until the overrides are reset or the process restarts.
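The following is an added illustration of the bug class described above; it is not OpenClaw's code and does not reproduce the project's actual '/debug set' handler. The merge routine, the gate, the session shape and the 'unlockAll' flag are all hypothetical stand-ins. It shows a naive deep-merge that accepts a '__proto__' key, a gate that reads the resulting flag through the prototype chain, and the two fixes a practitioner would apply: reject the reserved keys before writing, and have the gate honour only own properties.

```javascript
// Added illustration of the bug class in this advisory. This is NOT OpenClaw's
// code: the merge routine, the gate, the session shape and the "unlockAll"
// flag are all hypothetical stand-ins for the real /debug set override path.

// The three key names the advisory lists. "__proto__" is the direct route to
// Object.prototype; "constructor"/"prototype" reach it as constructor.prototype
// in merges that walk inherited properties.
const RESERVED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Vulnerable: a recursive deep-merge that trusts every key in the caller's
// override object. When key === "__proto__", target[key] evaluates to
// Object.prototype, so the recursion writes into the shared prototype.
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (val !== null && typeof val === "object" && !Array.isArray(val)) {
      if (target[key] === null || typeof target[key] !== "object") {
        target[key] = {};
      }
      mergeUnsafe(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened: refuse reserved keys at every depth before anything is written,
// and only descend into objects the target actually owns.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (RESERVED_KEYS.has(key)) {
      throw new Error(`prototype-reserved key rejected: ${key}`);
    }
    const val = source[key];
    if (val !== null && typeof val === "object" && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== "object") {
        target[key] = {};
      }
      mergeSafe(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Vulnerable gate: reads the flag through the prototype chain, so a flag
// planted on Object.prototype counts even for a session that never set it.
function isCommandAllowed(session, command) {
  if (session.allowedCommands.includes(command)) return true;
  return session.overrides.unlockAll === true;
}

// Defence in depth: only an own property of the override object counts.
function isCommandAllowedHardened(session, command) {
  if (session.allowedCommands.includes(command)) return true;
  return Object.prototype.hasOwnProperty.call(session.overrides, "unlockAll")
    && session.overrides.unlockAll === true;
}

// Run the attack against the vulnerable path and the same payload against the
// hardened path, then undo the pollution (for the real overrides the advisory
// says a restart or reset does this).
function demo() {
  // Constructed payload, as an authorized caller might pass to '/debug set'.
  const payload = JSON.parse('{"__proto__": {"unlockAll": true}}');
  // A different session that never receives the payload directly.
  const victim = { allowedCommands: ["help"], overrides: {} };

  const before = isCommandAllowed(victim, "restricted");
  mergeUnsafe({}, payload);                 // attacker's own override object
  const during = isCommandAllowed(victim, "restricted");
  const hardenedDuring = isCommandAllowedHardened(victim, "restricted");

  delete Object.prototype.unlockAll;        // clean up the shared prototype
  const after = isCommandAllowed(victim, "restricted");

  let safeRejected = false;
  try { mergeSafe({}, payload); } catch (e) { safeRejected = true; }
  const prototypeClean = !("unlockAll" in {});

  return { before, during, hardenedDuring, after, safeRejected, prototypeClean };
}

console.log(demo());
```

The point to take from the demo is that the victim session is never touched: one merge of one attacker-controlled object flips the gate for every session in the process, which is why the advisory treats a reset or restart as the only thing that clears it. Rejecting the reserved keys is the fix the advisory describes; checking own properties in the gate is an extra layer that also protects against any other merge path that might be found later.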

Remediation

Update to OpenClaw version 2026.2.21 or later, where the reserved keys are rejected. Because the affected overrides live only in memory, restarting or resetting the instance also discards any prototype entries that were already injected; restarting after the upgrade therefore both applies the fix and clears residual state. Until the upgrade can be applied, limiting who is authorized to issue '/debug set' reduces exposure, since the issue is only reachable by authorized callers.

Added: Mar 18, 2026, 2:25 AM
Updated: Mar 18, 2026, 2:25 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.5
remediation: 0.0
relevance: 4.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.