PT-2026-27153 · Npm · Openclaw
Published
2026-03-13
·
Updated
2026-03-13
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Summary
In affected versions of
openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration when the target account had configWrites: false.Impact
This is an account-scoped policy bypass inside a single gateway deployment. Channel commands such as
/config set channels.<provider>.accounts.<id>... and config-backed /allowlist ... --config --account <id> could modify protected sibling-account configuration.Affected Packages and Versions
- Package:
openclaw(npm) - Affected versions:
<= 2026.3.8 - Fixed in:
2026.3.11
Technical Details
The mutation path validated the origin account scope but did not consistently authorize every resolved target scope. Ambiguous collection and root writes under
channels and channels.<provider>.accounts could therefore reach protected account configuration from channel command surfaces.Fix
OpenClaw now authorizes config mutations against both the origin scope and each resolved target scope, and it rejects ambiguous root and collection writes from channel commands unless the caller is an internal gateway client with
operator.admin. The fix shipped in openclaw@2026.3.11.Workarounds
Upgrade to
2026.3.11 or later.Fix
Missing Authorization
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openclaw