OpenClaw Authorization Bypass Vulnerability in Matrix Room Control Commands

Vulnerability

An authorization bypass vulnerability has been identified in OpenClaw versions prior to 2026.4.15. The flaw lies in the Matrix room control-command authorization process, which improperly trusts entries from the direct message (DM) pairing store. As a result, a sender whose ID has been DM-paired can post in a bot room and have room control commands executed without being on the required allowlists, potentially gaining access to privileged OpenClaw functionality.

Impact

Exploitation of this vulnerability allows DM-paired Matrix senders to bypass authorization controls and execute room control commands without being on the room allowlist, membership list, or group allowlist. This could lead to unauthorized changes in the room or application behavior, depending on the commands executed and the specific OpenClaw deployment.

Reproduction

To reproduce this vulnerability, a sender ID must be paired through the Matrix DM pairing store and then used to send a message in a bot room. The OpenClaw deployment must be configured to allow room control commands to be triggered by messages in the bot room. Once these conditions are met, the sender can execute room control commands that will be processed as if they were authorized, despite not being on the required allowlists.

Remediation

Users should upgrade to OpenClaw version 2026.4.15 or later, which addresses this vulnerability by no longer treating DM pairing-store entries as a grant for room command authorization. Upgrade instructions are provided in the OpenClaw documentation.
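The following is an added example written for this advisory page, not OpenClaw's own code. It models the authorization decision described in the Vulnerability and Remediation sections: the same room-scoped lists the advisory names (room allowlist, membership list, group allowlist) plus the DM pairing store, with the flawed check that trusts the pairing store beside the corrected check that ignores it, and an audit helper an operator can use to see which senders held only a pairing-store grant. The type, field and function names and the sample sender IDs are assumptions constructed for the example.

```typescript
// Added example, not OpenClaw's code: a model of the Matrix room
// control-command authorization decision described in the advisory, with
// the flawed check (trusts the DM pairing store) beside the corrected one.
// All identifiers and sample sender IDs below are constructed.

type SenderId = string;

// The four inputs the advisory names. Field names are assumptions.
interface RoomAuthSources {
  roomAllowlist: SenderId[];   // senders allowed to control this room
  roomMembers: SenderId[];     // room membership list
  groupAllowlist: SenderId[];  // group-level allowlist
  dmPairingStore: SenderId[];  // senders paired through the DM pairing flow
}

// A sender is room-authorized only through the three room-scoped lists.
function inRoomScopedLists(sender: SenderId, src: RoomAuthSources): boolean {
  return (
    src.roomAllowlist.includes(sender) ||
    src.roomMembers.includes(sender) ||
    src.groupAllowlist.includes(sender)
  );
}

// Pre-fix behaviour as the advisory describes it: a DM pairing entry is
// accepted as a grant for room control commands, although DM pairing only
// establishes a one-to-one conversation and says nothing about any room.
function isRoomCommandAuthorizedVulnerable(sender: SenderId, src: RoomAuthSources): boolean {
  return inRoomScopedLists(sender, src) || src.dmPairingStore.includes(sender);
}

// Fixed behaviour: room control commands are authorized solely by the
// room-scoped lists; the DM pairing store is not consulted at all.
function isRoomCommandAuthorizedFixed(sender: SenderId, src: RoomAuthSources): boolean {
  return inRoomScopedLists(sender, src);
}

// Audit helper for operators: senders whose only grant was a DM pairing
// entry. These identities could issue room commands before the fix and
// lose that ability after upgrading, so they are worth reviewing.
function findPairingOnlyGrants(src: RoomAuthSources): SenderId[] {
  return src.dmPairingStore.filter((s) => !inRoomScopedLists(s, src));
}

// Constructed sample state for one bot room.
const sampleSources: RoomAuthSources = {
  roomAllowlist: ["@alice:example.org"],
  roomMembers: ["@alice:example.org", "@bob:example.org"],
  groupAllowlist: [],
  dmPairingStore: ["@alice:example.org", "@mallory:example.org"],
};

// Decision for every known sender under both versions of the check.
// Returned rather than printed so callers can inspect the result.
function compareDecisions(src: RoomAuthSources): Record<SenderId, { before: boolean; after: boolean }> {
  const all = src.roomAllowlist.concat(src.roomMembers, src.groupAllowlist, src.dmPairingStore);
  const senders = all.filter((s, i) => all.indexOf(s) === i); // de-duplicate, keep order
  const out: Record<SenderId, { before: boolean; after: boolean }> = {};
  for (const s of senders) {
    out[s] = {
      before: isRoomCommandAuthorizedVulnerable(s, src),
      after: isRoomCommandAuthorizedFixed(s, src),
    };
  }
  return out;
}

console.log(compareDecisions(sampleSources));
console.log("pairing-only grants:", findPairingOnlyGrants(sampleSources));
```

In the sample, `@mallory:example.org` appears only in the pairing store, so the vulnerable check authorizes the room command and the fixed check refuses it, while `@alice:example.org` and `@bob:example.org` are unaffected because their grant comes from a room-scoped list. The design point is that a credential proving a one-to-one DM relationship is a different scope from a grant to control a room, and an authorization check should only consult the lists that carry the scope being requested.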

Added: May 6, 2026, 9:08 PM
Updated: May 6, 2026, 9:08 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.2
remediation: 0.0
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.