PT-2026-39690 · Openclaw · Openclaw

Keensecuritylab

+1

·

Published

2026-04-25

·

Updated

2026-05-11

·

CVE-2026-45001

CVSS v3.1

7.1

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.20
Description A guard bypass exists in the agent-facing gateway endpoints "config.patch" and "config.apply". This issue fails to protect operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. A prompt-injected model with access to the owner-only gateway tool can persist unauthorized changes to these protected operator settings.
Recommendations Update to version 2026.4.20 or later.

Exploit

Fix

Missing Authorization

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45001
GHSA-7JM2-G593-4QRC

Affected Products

Openclaw