CVE-2026-35653

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.3.22 and earlier

Description OpenClaw versions 2026.3.22 and earlier contain an incorrect authorization issue in the ''POST /reset-profile'' endpoint. Authenticated callers with operator.write access to browser.request can bypass profile mutation restrictions. Attackers can invoke ''POST /reset-profile'' through the browser.request surface to stop the running browser, close Playwright connections, and move profile directories to Trash. The vulnerability is due to the isPersistentBrowserProfileMutation() function not classifying ''POST /reset-profile'' as a protected mutation, allowing access through the browser.request surface. The vulnerable paths include src/gateway/method-scopes.ts:114, src/gateway/server-methods/browser.ts:155-165, src/browser/request-policy.ts:19-25, src/browser/routes/basic.ts:161-170, src/browser/server-context.reset.ts:37-63, and src/node-host/invoke-browser.ts:240-243.

Recommendations Extend the persistent-profile mutation classifier to include ''POST /reset-profile''. Reuse the same centralized route classification everywhere the release currently relies on isPersistentBrowserProfileMutation(...), including src/gateway/server-methods/browser.ts and src/node-host/invoke-browser.ts. Add regression coverage with a deny control for ''POST /reset-profile'' on the lower-privilege browser.request surface and an allow control for non-mutating browser profile reads. Review nearby profile-management routes for any other state-changing endpoints that are still omitted from the mutation classifier.