CVE-2026-35620

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.24

Description OpenClaw versions before 2026.3.24 contain missing authorization checks in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to modify owner-only session delivery policy settings. The /allowlist mutating commands fail to enforce operator.admin scope. Attackers with operator.write scope can use /send on|off|inherit to persistently change the current session's sendPolicy and use /allowlist add to modify allowlist entries without proper authorization.

Recommendations Update to OpenClaw version 2026.3.24 or later. As a remediation, change the /send command to require owner status instead of just command authorization. Reuse the owner-only rejection pattern used by other privileged command surfaces like /config and /debug. Add regression coverage to ensure /send is rejected for non-owner senders, even if they are command-authorized. Verify that owners can still use /send normally.