OpenClaw Agentic Consent Bypass Vulnerability Allowing Unauthorized Execution
Vulnerability
A consent bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.28. This vulnerability allows LLM agents to silently disable execution approval by using the config.patch parameter. Remote attackers can exploit this issue to bypass security controls and execute unauthorized operations without user consent.
Impact
Exploitation of this vulnerability allows for unauthorized execution of operations, bypassing user consent and established security controls.
Reproduction
The vulnerability can be reproduced by sending a config.patch request that alters execution approval settings. This can be done by using an LLM agent to apply a patch that changes the 'ask' or 'security' parameters within the 'tools.exec' configuration. The agent can then execute commands that require approval, which will be granted automatically, without user knowledge.
Remediation
Users can update to OpenClaw version 2026.3.28 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.