OpenClaw Authorization Bypass Vulnerability Allowing Unauthorized Configuration Changes on Sibling Accounts

Vulnerability

An authorization bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.11. This vulnerability allows channel commands to modify protected configuration on sibling accounts, despite existing restrictions. Attackers with authorized access to one account can use channel commands to alter settings on target accounts that have 'configWrites' disabled.
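As an added illustration (not OpenClaw's code; the account model, the `config_writes` field and both handlers are assumptions), the pattern behind this bug class: a per-account write guard that is evaluated against the caller's account instead of the account actually being modified, shown beside the corrected check.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    """Constructed model of an account with a per-account 'configWrites' switch."""
    name: str
    config_writes: bool
    config: dict = field(default_factory=dict)


class ConfigWriteDenied(PermissionError):
    pass


def write_config_flawed(caller: Account, target: Account, key: str, value):
    # Flawed pattern: the guard inspects the caller's own account, so a caller whose
    # account permits config writes can change a sibling account that forbids them.
    if not caller.config_writes:
        raise ConfigWriteDenied(f"{caller.name}: configWrites disabled")
    target.config[key] = value
    return target.config


def write_config_checked(caller: Account, target: Account, key: str, value):
    # Corrected pattern: authorize against the account being modified. Whether the
    # caller's own account allows writes says nothing about the target's policy.
    if not target.config_writes:
        raise ConfigWriteDenied(f"{target.name}: configWrites disabled for target")
    target.config[key] = value
    return target.config


def demo():
    """Constructed scenario: 'alpha' allows config writes, sibling 'beta' does not."""
    alpha = Account("alpha", config_writes=True)
    beta = Account("beta", config_writes=False)
    leaked = write_config_flawed(alpha, beta, "model", "x")  # succeeds: the bug
    try:
        write_config_checked(alpha, beta, "model", "x")
        verdict = "allowed"
    except ConfigWriteDenied:
        verdict = "denied"
    return leaked, verdict


if __name__ == "__main__":
    print(demo())
```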

Impact

Exploitation of this vulnerability allows for unauthorized modifications to account-specific configurations on sibling accounts, potentially leading to misconfigurations or unauthorized access to features or settings.

Remediation

Users are advised to upgrade to OpenClaw version 2026.3.11 or later.

Added: Mar 31, 2026, 12:24 PM
Updated: Mar 31, 2026, 12:24 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  4.8
remediation     0.0
relevance       5.0
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.