OpenClaw Authorization Bypass Vulnerability in Owner-Enforced Commands via Wildcard Channel Senders
Vulnerability
A vulnerability allowing authorization bypass in owner-enforced commands has been identified in OpenClaw versions prior to 2026.4.21. This issue arises in 'command-auth.ts', where non-owner senders can execute owner-restricted slash commands. The vulnerability is triggered when channels are configured to accept wildcard inbound senders without explicit owner allowances. Exploitation involves sending commands such as '/send', '/config', or '/debug' on affected channels, bypassing the authorization checks that are meant to restrict these commands to owners only.
Impact
The vulnerability allows non-owner senders to execute owner-enforced slash commands on affected channels, bypassing the intended authorization checks. This could lead to unauthorized actions being performed in the channel, depending on the nature of the commands that are executed.
Reproduction
To reproduce this vulnerability, configure a channel plugin to enforce owner-only commands and allow wildcard inbound senders. Ensure that no explicit owner allowances are set. Once this configuration is in place, a non-owner sender can execute owner-restricted commands, bypassing the authorization checks.
Remediation
Users can upgrade to OpenClaw version 2026.4.21 or later, or reconfigure their channels to avoid wildcard sender policies on owner-enforced commands.
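The following is an added, illustrative TypeScript model of the bug class described above and of the remediation; it is not OpenClaw's own command-auth.ts, and every name in it (ChannelConfig, inboundAllow, owners, ownerEnforcedCommands, the "*" wildcard convention, and the fallback-to-allowlist behaviour of the flawed check) is an assumption made for the example. It places the flawed owner check beside a hardened one, dispatches the advisory's example commands through both using a constructed channel configuration that matches the reproduction steps, and finishes with a configuration lint that flags channels combining a wildcard inbound policy with owner-enforced commands but no explicit owner, which is the reconfiguration the remediation section asks operators to check for.

```typescript
// Added illustrative model of an owner-gated slash-command check.
// NOT OpenClaw's command-auth.ts: type names, config keys and the exact
// fallback behaviour of the flawed check are assumptions for this example.

type SenderId = string;

// Hypothetical channel configuration: which inbound senders are accepted,
// which of them are owners, and which commands are owner-enforced.
// "*" is the wildcard meaning "accept any sender".
interface ChannelConfig {
  name: string;
  inboundAllow: SenderId[];        // who may talk to the bot at all
  owners: SenderId[];              // who may run owner-enforced commands
  ownerEnforcedCommands: string[]; // e.g. ["/send", "/config", "/debug"]
}

const WILDCARD = "*";

function senderAllowed(cfg: ChannelConfig, sender: SenderId): boolean {
  return cfg.inboundAllow.includes(WILDCARD) || cfg.inboundAllow.includes(sender);
}

// Flawed check (assumed mechanism for the bug class): with no explicit owners
// it falls back to the inbound allowlist, so a wildcard inbound policy
// silently promotes every accepted sender to "owner".
function isOwnerVulnerable(cfg: ChannelConfig, sender: SenderId): boolean {
  const ownerList = cfg.owners.length > 0 ? cfg.owners : cfg.inboundAllow;
  return ownerList.includes(WILDCARD) || ownerList.includes(sender);
}

// Hardened check: ownership requires an explicit, non-wildcard owner entry.
// An empty owner list or a wildcard entry never grants owner rights.
function isOwnerFixed(cfg: ChannelConfig, sender: SenderId): boolean {
  return cfg.owners.some((o) => o !== WILDCARD && o === sender);
}

type OwnerCheck = (cfg: ChannelConfig, sender: SenderId) => boolean;

// Dispatcher: returns "executed" or "denied" so the effect of each check is visible.
function dispatch(
  cfg: ChannelConfig,
  sender: SenderId,
  command: string,
  isOwner: OwnerCheck,
): "executed" | "denied" {
  if (!senderAllowed(cfg, sender)) return "denied";
  const verb = command.split(/\s+/)[0];
  if (cfg.ownerEnforcedCommands.includes(verb) && !isOwner(cfg, sender)) return "denied";
  return "executed";
}

// Configuration lint a defender can run before deploying: flags channels that
// combine a wildcard inbound policy with owner-enforced commands but have no
// explicit (non-wildcard) owner configured.
function findRiskyChannels(channels: ChannelConfig[]): string[] {
  return channels
    .filter(
      (c) =>
        c.inboundAllow.includes(WILDCARD) &&
        c.ownerEnforcedCommands.length > 0 &&
        !c.owners.some((o) => o !== WILDCARD),
    )
    .map((c) => c.name);
}

// Constructed sample configurations (not from any real deployment).
// riskyChannel mirrors the advisory's reproduction steps: wildcard inbound
// senders, owner-enforced commands, no explicit owner allowance.
const riskyChannel: ChannelConfig = {
  name: "support-room",
  inboundAllow: [WILDCARD],
  owners: [],
  ownerEnforcedCommands: ["/send", "/config", "/debug"],
};

// safeChannel keeps the wildcard inbound policy but names an explicit owner.
const safeChannel: ChannelConfig = {
  name: "ops-room",
  inboundAllow: [WILDCARD],
  owners: ["alice"],
  ownerEnforcedCommands: ["/send", "/config", "/debug"],
};

function demo(): void {
  console.log(dispatch(riskyChannel, "mallory", "/config show", isOwnerVulnerable)); // executed
  console.log(dispatch(riskyChannel, "mallory", "/config show", isOwnerFixed)); // denied
  console.log(findRiskyChannels([riskyChannel, safeChannel])); // ["support-room"]
}
demo();
```

The lint is the piece worth keeping after the upgrade: a wildcard inbound policy is legitimate on its own, and an explicit owner list is legitimate on its own; it is the combination with no explicit owner on a channel that enforces owner-only commands that the advisory's remediation tells operators to avoid.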
