OpenClaw Policy Bypass Vulnerability Allowing Unauthorized Command Execution

Vulnerability

A policy bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.22. This vulnerability arises because queued node actions are not revalidated against the current command policy at the time of delivery. As a result, stale allowlists or declarations can persist through policy changes, enabling the execution of unauthorized commands.

Impact

Exploitation of this vulnerability allows for unauthorized command execution on nodes where the policy has been tightened, but stale allowlists or declarations remain.

Reproduction

To reproduce this vulnerability: first create a node action that is allowed by the current policy, then tighten the command policy so that the action is no longer allowed. When the queued action is delivered, it bypasses the new policy and executes, demonstrating the policy bypass.
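The following is an added example, not OpenClaw's own code, that models the failure mode the advisory describes: an action queue that trusts an allow decision cached at enqueue time, beside a queue that revalidates each action against the policy in force at delivery time. It walks through the reproduction steps above. All names (CommandPolicy, PolicyStore, deliverStale, deliverRevalidated, the sample command strings) are hypothetical and do not correspond to OpenClaw's API.

```typescript
// Added example (not OpenClaw's code): minimal model of a command policy and an
// action queue, showing why a decision cached at enqueue time must be re-checked
// at delivery time. All identifiers here are hypothetical.

type CommandPolicy = {
  version: number;
  allowedCommands: ReadonlySet<string>;
};

type NodeAction = {
  id: string;
  command: string;
  // Vulnerable pattern: the allow decision is made once, when the action is queued.
  allowedAtEnqueue: boolean;
};

type DeliveryResult = { id: string; executed: boolean; reason: string };

function isAllowed(policy: CommandPolicy, command: string): boolean {
  return policy.allowedCommands.has(command);
}

// Mutable holder for the "current" policy, standing in for a config that an
// operator can tighten at runtime while actions are still queued.
class PolicyStore {
  private current: CommandPolicy;
  constructor(initial: CommandPolicy) {
    this.current = initial;
  }
  get(): CommandPolicy {
    return this.current;
  }
  tighten(allowed: string[]): void {
    this.current = { version: this.current.version + 1, allowedCommands: new Set(allowed) };
  }
}

// Vulnerable delivery: trusts the stale allowlist decision stored with the action.
function deliverStale(queue: NodeAction[], execute: (cmd: string) => void): DeliveryResult[] {
  return queue.map((a) => {
    if (a.allowedAtEnqueue) {
      execute(a.command);
      return { id: a.id, executed: true, reason: "allowed at enqueue time" };
    }
    return { id: a.id, executed: false, reason: "denied at enqueue time" };
  });
}

// Fixed delivery: ignores any cached decision and revalidates against the
// policy that is in force at the moment of delivery.
function deliverRevalidated(
  queue: NodeAction[],
  policies: PolicyStore,
  execute: (cmd: string) => void,
): DeliveryResult[] {
  return queue.map((a) => {
    const policy = policies.get();
    if (isAllowed(policy, a.command)) {
      execute(a.command);
      return { id: a.id, executed: true, reason: `allowed by policy v${policy.version}` };
    }
    return { id: a.id, executed: false, reason: `denied by policy v${policy.version}` };
  });
}

// Walks through the advisory's reproduction steps with constructed sample
// commands and returns what each delivery path did.
function reproduce(): {
  stale: DeliveryResult[];
  revalidated: DeliveryResult[];
  executedCommands: string[];
} {
  // Constructed sample policy: two commands allowed under v1.
  const policies = new PolicyStore({
    version: 1,
    allowedCommands: new Set(["disk.usage", "service.restart"]),
  });
  const executedCommands: string[] = [];
  const execute = (cmd: string) => {
    executedCommands.push(cmd);
  };

  // Step 1: queue an action that the current (v1) policy allows.
  const action: NodeAction = {
    id: "a1",
    command: "service.restart",
    allowedAtEnqueue: isAllowed(policies.get(), "service.restart"),
  };
  const queue = [action];

  // Step 2: tighten the policy so the queued command is no longer allowed.
  policies.tighten(["disk.usage"]);

  // Step 3: deliver the same queued action through both implementations.
  const stale = deliverStale(queue, execute);
  const revalidated = deliverRevalidated(queue, policies, execute);
  return { stale, revalidated, executedCommands };
}
```

The stale path executes `service.restart` even though policy v2 no longer permits it; the revalidated path denies it and records which policy version made the decision, which is also the information a defender wants in the audit log when investigating a delivery that should have been blocked.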

Remediation

Update to OpenClaw version 2026.3.22 or later, which fixes this vulnerability.

Added: Apr 10, 2026, 6:33 PM
Updated: Apr 10, 2026, 6:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 0.0
relevance: 5.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.