OpenClaw Authorization Mismatch Vulnerability Allowing Privilege Escalation in Agent Runs
Vulnerability
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch that lets authenticated users holding the operator.write scope reach owner-only tool surfaces, such as gateway and cron, through agent runs in scoped-token deployments. The root cause is inconsistent owner-only gating during agent execution: the direct tool path enforces the owner check, but the agent-run path does not, so write-scoped users can perform control-plane actions beyond their authorized level.
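The following is an added illustration of the bug class the advisory describes, not OpenClaw's own code: a constructed scope model with the owner-only surfaces named above, a hypothetical ordinary tool "notes.write" for contrast, and an agent-run path that re-checks only the write scope beside one that routes every tool selection through the same gate as a direct call.

```typescript
// Constructed illustration (not OpenClaw source): the owner-only gate must be
// applied on every path that can reach a tool, including agent runs.
type Scope = "operator.read" | "operator.write" | "owner";
interface Principal { id: string; scopes: Scope[] }

// Owner-only tool surfaces named in the advisory; "notes.write" is a
// hypothetical write-level tool added for contrast.
const OWNER_ONLY_TOOLS = new Set(["gateway", "cron"]);
const TOOLS: Record<string, (args: string) => string> = {
  gateway: (a) => `gateway reconfigured: ${a}`,
  cron: (a) => `cron job scheduled: ${a}`,
  "notes.write": (a) => `note saved: ${a}`,
};

const isOwner = (p: Principal): boolean => p.scopes.includes("owner");
const canWrite = (p: Principal): boolean =>
  isOwner(p) || p.scopes.includes("operator.write");

// Single authorization decision shared by every entry point.
function authorizeTool(p: Principal, tool: string): boolean {
  if (!(tool in TOOLS) || !canWrite(p)) return false;
  return OWNER_ONLY_TOOLS.has(tool) ? isOwner(p) : true;
}

// Direct tool invocation: gated correctly in both variants below.
function callToolDirect(p: Principal, tool: string, args: string): string {
  if (!authorizeTool(p, tool)) throw new Error(`forbidden: ${tool}`);
  return TOOLS[tool](args);
}

// Vulnerable pattern: the agent-run path checks only that the caller may
// write, then dispatches whatever tool the agent selected, so an
// operator.write token reaches owner-only surfaces.
function agentRunVulnerable(p: Principal, plan: [string, string][]): string[] {
  if (!canWrite(p)) throw new Error("forbidden: agent runs need operator.write");
  return plan.map(([tool, args]) => TOOLS[tool](args));
}

// Hardened pattern: every tool the agent selects goes through the same gate
// as a direct call, so owner-only surfaces stay owner-only on this path too.
function agentRunHardened(p: Principal, plan: [string, string][]): string[] {
  if (!canWrite(p)) throw new Error("forbidden: agent runs need operator.write");
  return plan.map(([tool, args]) => callToolDirect(p, tool, args));
}
```

A useful regression test for any such dispatcher is the one implied here: the same write-scoped principal must be refused the owner-only tool on every entry point, not just the direct one.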
Impact
Exploitation of this vulnerability could lead to unauthorized control-plane actions by write-scoped users, bypassing intended authorization limits.
Remediation
Upgrade to OpenClaw version 2026.3.1 or later, which addresses this vulnerability.