CVE-2026-45001
HIGHOpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access
Title source: cnaDescription
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. A prompt-injected model with access to the owner-only gateway tool can persist unauthorized changes to protected operator settings.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-7jm2-g593-4qrc)
https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc
Patch patch
Patch Commit
https://github.com/openclaw/openclaw/commit/fe30b31a97a917ecc6e92f6c85378b6b20352422
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access
https://www.vulncheck.com/advisories/openclaw-gateway-config-mutation-guard-bypass-via-agent-tool-access
Scores
CVSS v3
7.1
EPSS
0.0003
EPSS Percentile
8.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (3)
OpenClaw/OpenClaw
< 2026.4.20
openclaw/openclaw
< 2026.4.20
OpenClaw/OpenClaw
2026.4.20
Published
May 11, 2026
Tracked Since
May 11, 2026