OpenClaw Authorization Bypass Vulnerability in ToolsBySender Group Policy Matching
Vulnerability
An authorization bypass vulnerability has been identified in OpenClaw versions prior to 2026.2.22. The issue lies in toolsBySender group policy matching: untyped sender keys are matched against mutable identity values such as senderName or senderUsername, and an attacker who controls those values can force an identifier collision with a key that belongs to another user. A successful collision bypasses the sender-authorization policy and grants the attacker that user's elevated tool permissions. The vulnerability is particularly concerning for deployments that use untyped sender keys, because in those deployments the sender-authorization mechanism itself becomes the path by which privileged tool access intended for one user is inherited by another.
Impact
Exploitation of this vulnerability bypasses sender authorization in group tool policy matching: by manipulating a mutable identity value to create a collision, an attacker gains unauthorized access to the privileged tools granted to the colliding sender key.
Reproduction
To reproduce this vulnerability, use an OpenClaw deployment older than 2026.2.22 with group policies that configure toolsBySender using untyped keys. Introduce a collision by setting a mutable identity value (senderName or senderUsername) so that it overlaps with an untyped sender key belonging to another user. Because the policy matches on that value, the authorization check is bypassed and the colliding sender receives tools that are not rightfully available to it.
Remediation
Update to OpenClaw version 2026.2.22 or later, where this vulnerability has been patched. Deployments that cannot upgrade immediately should review their toolsBySender policies for untyped sender keys, since those are the keys the collision affects.
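The following Python model is an added illustration of the flaw described above and is not OpenClaw's own code, nor derived from it. It assumes a simplified Sender record with one immutable platform-assigned id and two mutable fields, a toolsBySender policy represented as a dict from sender key to tool list, and an id: prefix as the only typed key form; all of these are assumptions made for the example. The vulnerable matcher accepts an untyped key against any identity field, so a sender whose display name collides with another user's key inherits that user's tools; the hardened matcher only accepts typed keys and compares them against the immutable id, and a small audit helper lists the untyped keys a deployment would need to migrate.

```python
"""Model of the toolsBySender identifier collision (hypothetical, not OpenClaw code)."""
from __future__ import annotations

from dataclasses import dataclass

DEFAULT_TOOLS = ["read"]  # constructed: tools every sender gets when no policy key matches


@dataclass(frozen=True)
class Sender:
    sender_id: str     # immutable, assigned by the platform (assumed field)
    username: str      # mutable: the user can change it (assumed field)
    display_name: str  # mutable: the user can change it (assumed field)


def match_untyped(policy: dict[str, list[str]], sender: Sender) -> list[str]:
    """Vulnerable matcher: an untyped key matches ANY identity field of the sender.

    Because username and display_name are attacker-controlled, a key that was
    written for one user can be reached by any other user who sets a mutable
    field to the same string. First matching key wins.
    """
    candidates = {sender.sender_id, sender.username, sender.display_name}
    for key, tools in policy.items():
        if key in candidates:
            return list(tools)
    return list(DEFAULT_TOOLS)


def match_typed(policy: dict[str, list[str]], sender: Sender) -> list[str]:
    """Hardened matcher: keys must be typed, and only 'id:<value>' is accepted.

    The comparison is made only against the immutable sender_id, so mutable
    values can never collide with a policy key. Untyped or unknown key types
    are rejected at match time rather than silently ignored, so a misconfigured
    policy fails closed and is noticed.
    """
    for key, tools in policy.items():
        kind, sep, value = key.partition(":")
        if not sep:
            raise ValueError(f"untyped sender key rejected: {key!r}")
        if kind != "id":
            raise ValueError(f"unsupported sender key type {kind!r} in {key!r}")
        if value == sender.sender_id:
            return list(tools)
    return list(DEFAULT_TOOLS)


def find_untyped_keys(policy: dict[str, list[str]]) -> list[str]:
    """Audit helper: return the policy keys that a mutable-value collision could reach."""
    return [key for key in policy if ":" not in key]


# Constructed sample data for the demonstration (not from any real deployment).
POLICY_UNTYPED = {"alice": ["admin_tool", "read"]}       # weak: key is a bare name
POLICY_TYPED = {"id:u-1001": ["admin_tool", "read"]}     # hardened: key names the immutable id
ALICE = Sender(sender_id="u-1001", username="alice", display_name="Alice")
IMPOSTOR = Sender(sender_id="u-2042", username="bob", display_name="alice")  # colliding display name


def demo() -> dict[str, object]:
    """Run the matchers over the sample data and return the outcomes for inspection."""
    try:
        match_typed(POLICY_UNTYPED, ALICE)
        untyped_rejected = False
    except ValueError:
        untyped_rejected = True
    return {
        "vulnerable_impostor": match_untyped(POLICY_UNTYPED, IMPOSTOR),
        "hardened_impostor": match_typed(POLICY_TYPED, IMPOSTOR),
        "hardened_alice": match_typed(POLICY_TYPED, ALICE),
        "untyped_keys_flagged": find_untyped_keys(POLICY_UNTYPED),
        "hardened_rejects_untyped_policy": untyped_rejected,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running the script shows the impostor receiving admin_tool under the untyped policy and only the default tools under the typed one; find_untyped_keys is the check to run over an existing configuration before upgrading, since every key it reports is one a collision could reach.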