CVE-2026-28473 OpenClaw — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	7.2 (HIGH)
Affected Versions	before 2026.2.2
Type	CWE-863 (Incorrect Authorization (Неправильная авторизация))
Vendor	OpenClaw
Public PoC	No

OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway client, bypassing the operator.approvals permission check that protects direct RPC calls.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

Low

Нужны базовые права

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

High

Полная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v4.0

Weakness Type (CWE)

CWE-863 Incorrect Authorization (Неправильная авторизация)

References 3

https://github.com/openclaw/openclaw/commit/efe2a464afcff55bb5a95b959e6bd9ec0fe…

disclosure@vulncheck.com

https://github.com/openclaw/openclaw/security/advisories/GHSA-mqpw-46fh-299h

disclosure@vulncheck.com

https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-approve-…

disclosure@vulncheck.com

Menu

CVE-2026-28473

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice