OpenClaw Configuration Management Vulnerability Allowing Bypass of Revocation Controls

Vulnerability

A configuration management vulnerability has been identified in OpenClaw versions prior to 2026.3.31. The application's startup migration treats a setting whose value is an empty array as if the setting were absent. A revoked Tlon configuration is stored as exactly such an empty array, so the next startup repopulates it from the file state that still holds the pre-revocation values. An attacker who can restart the application (or who simply waits for a routine restart) therefore gets the revoked Tlon configuration back, circumventing the intended revocation controls.

Impact

Exploitation of this vulnerability allows the unauthorized restoration of revoked Tlon configuration settings, reactivating features or permissions that the operator intended to disable. On affected versions a revocation of these settings is not durable across a restart.

Reproduction

To reproduce this vulnerability, first revoke specific Tlon configuration settings that are represented as empty arrays, and confirm that the stored value is now an empty array. Then restart the OpenClaw application. On an affected version the startup migration treats the empty array as a missing setting and rehydrates it from the file state, so the revoked values reappear after the restart. Inspecting the Tlon settings after the restart and finding the previously revoked entries present is the check that the revocation was bypassed.
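The following is an added illustration of the bug class described above, written for this page; it is hypothetical code, not OpenClaw's own implementation. The setting key `tlonShips`, the sample value `~sampel-palnet`, the `Settings` shape and the two `migrate` functions are all assumptions. The vulnerable migration counts an empty array as "never set" and copies the entry back from a legacy file snapshot; the fixed migration only fills in keys that are genuinely undefined, so an explicit empty array (the revocation) survives the restart.

```typescript
// Hypothetical model of an "empty array treated as absent" startup migration.
// Not OpenClaw's code; key names, value shapes and function names are assumed.

type Settings = Record<string, unknown[] | undefined>;

// Constructed sample: the legacy on-disk snapshot still lists a Tlon entry.
const legacyFileState: Settings = { tlonShips: ["~sampel-palnet"] };

// Revocation is modelled as storing an explicit empty array for the key.
function revoke(settings: Settings, key: string): Settings {
  return { ...settings, [key]: [] };
}

// Vulnerable migration: an empty array "looks absent", so the entry is
// re-copied from the legacy file on every startup, undoing the revocation.
function migrateVulnerable(live: Settings, legacy: Settings): Settings {
  const out: Settings = { ...live };
  for (const [key, legacyValue] of Object.entries(legacy)) {
    const cur = out[key];
    const looksAbsent = cur === undefined || cur.length === 0; // bug: [] counts as absent
    if (looksAbsent && legacyValue !== undefined) out[key] = [...legacyValue];
  }
  return out;
}

// Fixed migration: only an undefined key is absent. An explicit [] is a stored
// decision and is left alone, so the revocation holds across the restart.
function migrateFixed(live: Settings, legacy: Settings): Settings {
  const out: Settings = { ...live };
  for (const [key, legacyValue] of Object.entries(legacy)) {
    if (out[key] === undefined && legacyValue !== undefined) out[key] = [...legacyValue];
  }
  return out;
}

// Simulate "revoke, then restart": the restart runs the startup migration
// against the legacy file state. Returns the Tlon setting seen after restart.
function restartAfterRevoke(migrate: (live: Settings, legacy: Settings) => Settings): unknown[] {
  const revoked = revoke({ tlonShips: ["~sampel-palnet"] }, "tlonShips");
  const afterRestart = migrate(revoked, legacyFileState);
  return afterRestart.tlonShips ?? [];
}

console.log(restartAfterRevoke(migrateVulnerable)); // ["~sampel-palnet"]: revocation bypassed
console.log(restartAfterRevoke(migrateFixed));      // []: revocation holds
```

The fixed variant still migrates a key that was never configured at all, which is the legitimate purpose of the migration; the only behavioural change is that an empty array is no longer confused with a missing key.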

Remediation

Update to OpenClaw version 2026.3.31 or later, where this vulnerability has been patched. Because any restart of an affected version may already have restored previously revoked Tlon configuration, re-check those settings after upgrading and revoke them again if they have been rehydrated.

Added: Apr 28, 2026, 9:26 PM
Updated: Apr 28, 2026, 9:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 6.9
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.