CVE-2026-43568 | THREATINT

Description

OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to escalate privileges.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-05 | Updated 2026-05-05 | Assigner VulnCheck

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-862 Missing Authorization

Product status

Default status

unaffected

2026.4.5 (semver) before 2026.4.10

affected

2026.4.10 (semver)

unaffected

Credits

Peng Zhou (@zpbrent) reporter

References

github.com/...enclaw/security/advisories/GHSA-5gjc-grvm-m88j (GitHub Security Advisory (GHSA-5gjc-grvm-m88j)) vendor-advisory

github.com/...ommit/6af17b39e11f5f35e23b7e5a5f71a7d0aa3c7310 (Patch Commit) patch

www.vulncheck.com/...ming-configuration-in-dreaming-endpoint (VulnCheck Advisory: OpenClaw 2026.4.5 < 2026.4.10 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint) third-party-advisory

cve.org (CVE-2026-43568)

nvd.nist.gov (CVE-2026-43568)

Download JSON