Home

Description

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge by manipulating client metadata during connection.

PUBLISHED Reserved 2026-04-20 | Published 2026-04-20 | Updated 2026-04-21 | Assigner VulnCheck




HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

HIGH: 7.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Problem types

CWE-807 Reliance on Untrusted Inputs in a Security Decision

Product status

Default status
unaffected

Any version before 2026.3.28
affected

2026.3.28 (semver)
unaffected

Credits

Peng Zhou (@zpbrent) reporter

References

github.com/...enclaw/security/advisories/GHSA-6xg4-82hv-cp6f (GitHub Security Advisory (GHSA-6xg4-82hv-cp6f)) vendor-advisory

www.vulncheck.com/...g-in-chat-send-gateway-provenance-guard (VulnCheck Advisory: OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard) third-party-advisory

cve.org (CVE-2026-41299)

nvd.nist.gov (CVE-2026-41299)

Download JSON