Home

Description

OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scope requirements, enabling unauthorized plugin, config, MCP, allowlist, and ACP mutations.

PUBLISHED Reserved 2026-04-04 | Published 2026-05-29 | Updated 2026-05-29 | Assigner VulnCheck




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Incorrect Authorization

Product status

Default status
unaffected

Any version before 2026.5.18
affected

2026.5.18 (semver)
unaffected

Credits

Dikai Zou reporter

References

github.com/...enclaw/security/advisories/GHSA-hw9r-h9mr-4jff (GitHub Security Advisory (GHSA-hw9r-h9mr-4jff)) vendor-advisory

www.vulncheck.com/...pe-bypass-via-inherited-chat-send-route third-party-advisory

cve.org (CVE-2026-35674)

nvd.nist.gov (CVE-2026-35674)

Download JSON