OpenClaw Authorization Bypass Puts Operator Privileges at Risk
The National Vulnerability Database has disclosed CVE-2026-41299, a high-severity authorization bypass in OpenClaw before version 2026.3.28. This flaw specifically impacts the chat.send gateway method, allowing authenticated operator clients to spoof Advanced Control Protocol (ACP) identities.

The vulnerability stems from insufficient validation: ACP-only provenance fields are gated on self-declared client metadata sent during the WebSocket handshake, rather than on verified authorization state. An attacker who controls that metadata when connecting can therefore inject the reserved provenance fields, bypassing the intended ACP bridge restrictions and escalating privileges.

For defenders, this is a clear signal to audit your OpenClaw deployments immediately. An attacker doesn’t need to bypass authentication, only to be an authenticated operator. This significantly lowers the bar for exploitation, as internal threats or compromised operator accounts can leverage this to inject unauthorized commands or data, leading to integrity violations and potential operational disruption. Patching to version 2026.3.28 or later is critical to mitigate this risk.

What This Means For You

  • If your organization uses OpenClaw, immediately verify your version. Patch to OpenClaw 2026.3.28 or later to close the CVE-2026-41299 authorization bypass. Additionally, review logs for any suspicious `chat.send` gateway activity from operator accounts that might indicate attempts to spoof ACP identities.
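The following is an added illustration of the bug class the advisory describes and of the log review it recommends; it is not OpenClaw's code and every name in it (authenticate, handshakeVulnerable, handshakeFixed, chatSendVulnerable, chatSendFixed, the reserved field names acpSessionId and acpAgent, and the token values) is a hypothetical stand-in. The vulnerable handler lets the client's handshake metadata decide whether it is the ACP bridge; the hardened handler derives that status only from the credential verified at authentication, strips nothing silently, and records an audit event whenever a non-bridge operator tries to supply reserved provenance fields.

```javascript
// Hypothetical gateway model of CVE-2026-41299's bug class (not OpenClaw's API).
const ACP_ONLY_FIELDS = ['acpSessionId', 'acpAgent']; // hypothetical reserved provenance fields

// Authentication: the only place bridge status may be decided. The credential
// table is constructed for the example and stands in for a real auth backend.
function authenticate(token) {
  const CREDENTIALS = {
    'operator-token': { role: 'operator', isAcpBridge: false },
    'bridge-token':   { role: 'operator', isAcpBridge: true },
  };
  const entry = CREDENTIALS[token];
  if (!entry) throw new Error('authentication failed');
  return { ...entry };
}

// Copy only the listed keys that are actually present on the input object.
function pick(obj, keys) {
  const out = {};
  for (const k of keys) if (k in obj) out[k] = obj[k];
  return out;
}

// VULNERABLE pattern: the handshake trusts the client's self-description, so a
// plain operator connection can flip its own bridge status.
function handshakeVulnerable(token, clientMeta) {
  const session = authenticate(token);
  session.clientMeta = clientMeta;
  session.isAcpBridge = clientMeta.client === 'acp-bridge'; // attacker-controlled input
  return session;
}

function chatSendVulnerable(session, params) {
  const reserved = ACP_ONLY_FIELDS.filter((f) => f in params);
  if (reserved.length && !session.isAcpBridge) {
    throw new Error('provenance fields reserved for ACP bridge');
  }
  return { text: params.text, provenance: pick(params, ACP_ONLY_FIELDS) };
}

// HARDENED pattern: client metadata is kept for logging only; authorization reads
// the bridge status set during authentication, and rejected attempts are audited.
function handshakeFixed(token, clientMeta) {
  const session = authenticate(token);
  session.clientMeta = clientMeta; // informational, never consulted for authorization
  return session;
}

function chatSendFixed(session, params, audit = []) {
  const reserved = ACP_ONLY_FIELDS.filter((f) => f in params);
  if (reserved.length && !session.isAcpBridge) {
    audit.push({
      event: 'reserved_provenance_rejected',
      role: session.role,
      fields: reserved,
      declaredClient: session.clientMeta ? session.clientMeta.client : undefined,
    });
    throw new Error('provenance fields reserved for ACP bridge');
  }
  return { text: params.text, provenance: pick(params, ACP_ONLY_FIELDS) };
}

// Demonstration: an operator credential whose handshake metadata claims to be the
// bridge and whose chat.send payload carries reserved provenance fields.
function demo() {
  const spoofedMeta = { client: 'acp-bridge' };
  const params = { text: 'hello', acpSessionId: 'forged-1', acpAgent: 'forged-agent' };

  const vuln = chatSendVulnerable(handshakeVulnerable('operator-token', spoofedMeta), params);

  const audit = [];
  let fixedResult;
  try {
    chatSendFixed(handshakeFixed('operator-token', spoofedMeta), params, audit);
    fixedResult = 'accepted';
  } catch (e) {
    fixedResult = 'rejected';
  }
  return { vulnerableAccepted: vuln.provenance.acpSessionId === 'forged-1', fixedResult, audit };
}
```

The audit record written by chatSendFixed is the kind of signal the bullet above asks you to look for: a chat.send call from an operator session that carried reserved ACP fields, together with what the client claimed to be at handshake time.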

Related ATT&CK Techniques

  • T1190 Exploit Public-Facing Application (Initial Access), severity high

Detection Rules

  • OpenClaw Authorization Bypass via chat.send - CVE-2026-41299 (Sigma rule, also exported to Splunk SPL, Sentinel KQL, Elastic, QRadar AQL and Wazuh formats)

Indicators of Compromise

  ID              Type         Indicator
  CVE-2026-41299  Auth Bypass  OpenClaw before 2026.3.28
  CVE-2026-41299  Auth Bypass  chat.send gateway method
  CVE-2026-41299  Auth Bypass  Spoofing ACP identity labels via client metadata during WebSocket handshake

Source & Attribution

  Source Platform: NVD
  Channel: National Vulnerability Database
  Published: April 21, 2026 at 03:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
