OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign wrapped system.run commands and subsequently execute different payloads without approval, enabling remote code execution on gateway and node-host execution flows.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
High
Admin privileges needed
User Interaction
Active
User action required
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 1
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Openclaw Openclaw
cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
|
— |
2026.2.22
|
References 3
https://github.com/openclaw/openclaw/commit/24c954d972400f508814532dea0e4dcb384…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/security/advisories/GHSA-6j27-pc5c-m8w8
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-allow-al…
disclosure@vulncheck.com