OpenClaw Missing Authorization Enforcement on ACP Commands Privilege Escalation Vulnerability

Vulnerability

OpenClaw versions prior to 2026.3.22 do not enforce the operator.admin scope on mutating internal ACP chat commands. Because the authorization check is missing, a user without admin privileges can invoke these ACP commands directly and execute mutating control-plane actions.

Impact

Exploitation allows unauthorized users to perform mutating control-plane actions through internal ACP commands, which can lead to unauthorized modifications within the application.

Reproduction

To reproduce, run an OpenClaw version prior to 2026.3.22 and, from a session without admin privileges, invoke mutating ACP commands through the ACP command interface. Because the operator.admin scope is not enforced on them, the actions are executed successfully.

Remediation

Upgrade to OpenClaw version 2026.3.22 or later, where this vulnerability has been addressed.
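The defect class described above, as an added example that is not OpenClaw's own code (Session, AcpCommand and the command names are assumptions): a command dispatcher with the scope gate missing beside its hardened form, plus a regression probe that reports any mutating command still reachable without operator.admin.

```typescript
// Added illustration (not OpenClaw's own code): an ACP command dispatcher that
// forgets the operator.admin gate on mutating commands, beside a hardened form.
// Session, AcpCommand and the command names are assumptions for this example.
type Scope = "operator.read" | "operator.admin";
interface Session { user: string; scopes: Set<Scope>; }
interface AcpCommand { name: string; mutating: boolean; } // mutating = changes control-plane state

// Constructed command table; names are illustrative, not OpenClaw's.
const COMMANDS: Record<string, AcpCommand> = {
  "chat.list":   { name: "chat.list",   mutating: false },
  "chat.delete": { name: "chat.delete", mutating: true },
  "chat.rename": { name: "chat.rename", mutating: true },
};

class AuthorizationError extends Error {
  constructor(msg: string) { super(msg); Object.setPrototypeOf(this, AuthorizationError.prototype); }
}

// Vulnerable form: dispatches any known command without consulting the session's
// scopes, so a session holding only operator.read can run chat.delete.
function dispatchUnchecked(session: Session, name: string): string {
  const cmd = COMMANDS[name];
  if (!cmd) throw new Error(`unknown command ${name}`);
  return `${session.user} ran ${cmd.name}`;
}

// Hardened form: the gate lives in the dispatcher, not in each handler, so a
// newly added mutating command cannot ship without the operator.admin check.
function dispatchChecked(session: Session, name: string): string {
  const cmd = COMMANDS[name];
  if (!cmd) throw new Error(`unknown command ${name}`);
  if (cmd.mutating && !session.scopes.has("operator.admin")) {
    // Denied attempts are the detection signal for this bug class; log them.
    throw new AuthorizationError(`${cmd.name} requires operator.admin`);
  }
  return `${session.user} ran ${cmd.name}`;
}
// Regression check: probe every mutating command with a non-admin session and
// return those the dispatcher wrongly allowed (empty list = fully gated).
function unguardedMutatingCommands(dispatch: (s: Session, n: string) => string): string[] {
  const probe: Session = { user: "probe", scopes: new Set<Scope>(["operator.read"]) };
  const leaks: string[] = [];
  for (const key of Object.keys(COMMANDS)) {
    if (!COMMANDS[key].mutating) continue;
    try { dispatch(probe, key); leaks.push(key); }
    catch (e) { if (!(e instanceof AuthorizationError)) leaks.push(key); }
  }
  return leaks;
}
const readOnlySession: Session = { user: "alice", scopes: new Set<Scope>(["operator.read"]) };
const adminSession: Session = { user: "root", scopes: new Set<Scope>(["operator.admin"]) };
```

Running unguardedMutatingCommands against each dispatcher in CI is the cheapest way to keep a newly added mutating command from regressing the gate.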

Added: Apr 9, 2026, 11:52 PM
Updated: Apr 9, 2026, 11:52 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread            0.0
impact            2.5
exploitability    6.3
remediation       0.0
relevance         5.5
threat            4.8
urgency           2.9
incentive         0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.