OpenClaw Authorization Bypass Vulnerability in Matrix Profile Management
Vulnerability
A vulnerability in OpenClaw versions prior to 2026.4.10 allows for authorization bypass in Matrix profile management. The issue arises from insufficient access controls that enable non-owner message-tool executions to modify persistent profile configurations. This vulnerability exploits the operator.write message-tool paths, which should require admin-level permissions.
Impact
Exploitation of this vulnerability allows unauthorized users to alter Matrix profile settings, potentially leading to unauthorized actions or privileges within the application.
Reproduction
The vulnerability can be reproduced by sending a message through a non-owner message-tool that has been granted operator.write permissions. This message can include commands to update the Matrix profile, such as the 'set-profile' action. The changes will be applied successfully, despite the lack of proper authorization.
Remediation
Users can update to OpenClaw version 2026.4.10 or later, where this vulnerability has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.