PT-2026-23548 · Openclaw · Openclaw

Yueyuel · Published 2026-02-17 · Updated 2026-03-31 · CVE-2026-28473

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.2.2

Description
The software contains an authorization bypass issue: clients holding only the operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway client, which bypasses the operator.approvals permission check that protects direct RPC calls to the same method. This is particularly relevant in shared or multi-client setups where tokens are intentionally scoped differently. The vulnerable function is exec.approval.resolve. The API endpoint used is /approve.

Recommendations
Upgrade to OpenClaw version 2026.2.2 or later. If an upgrade is not possible: avoid issuing write-only device tokens to untrusted clients, disable text commands (commands.text=false), and restrict access to the webchat or control UI.
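The following is an added example, not OpenClaw's code, that models the authorization gap the description refers to: a direct RPC path that checks the caller's own scopes, beside a chat-command path that forwards the request through a privileged internal client and so never consults them, and the corrected form in which the command path carries the original caller's identity into the same check. Every name in it (resolveApproval, INTERNAL_CLIENT, the "/approve <id> allow|deny" syntax, the audit record shape, the sample approval requests) is hypothetical; the advisory names only exec.approval.resolve, /approve, operator.write and operator.approvals.

```javascript
// Added example (not OpenClaw's code). Function names, the command syntax and
// the audit-record shape are hypothetical; only the scope names and the
// vulnerable/fixed control flow follow the advisory text.

const approvals = new Map();   // approval id -> { command, status }
const auditLog = [];           // constructed in-memory audit trail

function requestApproval(id, command) {
  approvals.set(id, { command, status: 'pending' });
}

// Core state change. Records which principal acted and via which path, so the
// audit trail shows whether a resolution was attributed to the real caller or
// to the gateway's own internal client.
function resolveApproval(id, decision, actor) {
  const entry = approvals.get(id);
  if (!entry) throw new Error(`unknown approval ${id}`);
  if (entry.status !== 'pending') throw new Error(`approval ${id} already ${entry.status}`);
  if (decision !== 'allow' && decision !== 'deny') throw new Error(`bad decision ${decision}`);
  entry.status = decision === 'allow' ? 'allowed' : 'denied';
  auditLog.push({ id, status: entry.status, via: actor.via, scopes: [...actor.scopes] });
  return entry.status;
}

// Direct RPC entry point (stands in for exec.approval.resolve): enforces the
// operator.approvals scope on whoever is calling it.
function rpcResolveApproval(caller, id, decision) {
  if (!caller.scopes.includes('operator.approvals')) {
    throw new Error('forbidden: operator.approvals scope required');
  }
  return resolveApproval(id, decision, caller);
}

// Hypothetical privileged client the gateway uses for its own internal calls.
const INTERNAL_CLIENT = {
  via: 'internal-gateway-client',
  scopes: ['operator.admin', 'operator.approvals', 'operator.write'],
};

// Hypothetical syntax: "/approve <id> allow|deny".
function parseApproveCommand(text) {
  const [cmd, id, decision] = text.trim().split(/\s+/);
  if (cmd !== '/approve' || !id || !decision) return null;
  return { id, decision };
}

// Vulnerable pattern: the chat handler only checks that the caller may send
// text (operator.write), then resolves through the internal client, so the
// scope check in rpcResolveApproval sees the internal client's scopes instead
// of the caller's.
function handleChatVulnerable(caller, text) {
  if (!caller.scopes.includes('operator.write')) throw new Error('forbidden: operator.write required');
  const parsed = parseApproveCommand(text);
  if (!parsed) return null;
  return rpcResolveApproval(INTERNAL_CLIENT, parsed.id, parsed.decision);   // bug: wrong principal
}

// Hardened pattern: the command path forwards the original caller's scopes,
// so the same authorization check applies on both paths.
function handleChatFixed(caller, text) {
  if (!caller.scopes.includes('operator.write')) throw new Error('forbidden: operator.write required');
  const parsed = parseApproveCommand(text);
  if (!parsed) return null;
  return rpcResolveApproval({ via: 'chat-command', scopes: caller.scopes }, parsed.id, parsed.decision);
}

// Runs both paths with a constructed write-only token and returns the outcomes.
function demo() {
  const writeOnly = { via: 'device-token', scopes: ['operator.write'] };
  requestApproval('req-1', 'ls /tmp');   // constructed sample requests
  requestApproval('req-2', 'ls /tmp');
  const bypassed = handleChatVulnerable(writeOnly, '/approve req-1 allow');
  let fixedResult;
  try {
    fixedResult = handleChatFixed(writeOnly, '/approve req-2 allow');
  } catch (e) {
    fixedResult = e.message;
  }
  return { bypassed, fixedResult, pendingAfterFix: approvals.get('req-2').status };
}
```

Calling demo() returns the vulnerable path's result ('allowed' for a write-only token) next to the fixed path's refusal, and leaves req-2 pending. The audit record for req-1 is attributed to internal-gateway-client rather than to the device token, which is the second cost of this pattern: besides the bypass, the log loses the identity of the client that actually made the decision.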

Fix

Weakness Enumeration

Incorrect Authorization
Improper Privilege Management

Related Identifiers

CVE-2026-28473
GHSA-MQPW-46FH-299H

Affected Products

Openclaw