Yekai Chen

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.12 **Description** OpenClaw contains an authorization bypass issue in the WebSocket connect path. This flaw allows shared-token or password-authenticated connections to self-declare elevated scopes, such as `operator.admin`, without server-side verification. An attacker can exploit this to perform administrative operations. The issue stems from a logic flaw where client-declared scopes were not properly bound on the server-side for certain connection types. This allowed a shared-authenticated client to present elevated scopes even without a device identity or trusted Control UI path. **Recommendations** Versions prior to 2026.3.12 should be updated to version 2026.3.12 or later.