OpenClaw Authorization Bypass (CVE-2026-44110) Exposes Room Control
The National Vulnerability Database (NVD) reports a critical authorization bypass vulnerability, CVE-2026-44110, in OpenClaw versions prior to 2026.4.15. This flaw, rated with a CVSS score of 8.8 (HIGH), stems from the Matrix room control-command authorization mechanism trusting direct message (DM) pairing-store entries.
Attackers can exploit this vulnerability by leveraging DM-paired sender IDs. By posting in bot rooms, they can execute privileged room control commands without being listed in the configured allowlists. This bypass could enable unauthorized and potentially destructive OpenClaw behaviors, granting threat actors significant control over compromised environments.
This isn’t just a misconfiguration; it’s a fundamental trust issue. The NVD highlights that the system implicitly trusts DM-paired senders, creating an avenue for unauthorized command execution. Defenders need to understand that this isn’t about breaking encryption or brute-forcing credentials; it’s about exploiting a logical flaw in how authorization is handled post-pairing, allowing a low-privilege attacker to escalate their impact significantly.
What This Means For You
- If your organization uses OpenClaw, you must immediately verify your version and apply the update to 2026.4.15 or later. Prioritize this patch to prevent unauthorized room control command execution and audit logs for any unusual bot room activity or unexpected OpenClaw behaviors.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-44110 OpenClaw Authorization Bypass via DM Pairing
title: CVE-2026-44110 OpenClaw Authorization Bypass via DM Pairing
id: scw-2026-05-06-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-44110 by sending POST requests to OpenClaw's room control API endpoints. This bypasses authorization by leveraging DM-paired sender IDs, allowing unauthorized execution of room control commands. The presence of 'command=control' in the query string is a strong indicator of this specific vulnerability exploitation.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-44110/
tags:
- attack.impact
- attack.t1531
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/api/v1/rooms/'
cs-method:
- 'POST'
cs-uri-query|contains:
- 'command=control'
sc-status:
- '200'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-44110 | Auth Bypass | OpenClaw before 2026.4.15 |
| CVE-2026-44110 | Auth Bypass | Matrix room control-command authorization |
| CVE-2026-44110 | Auth Bypass | trusts DM pairing-store entries |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-41484 — OpenTelemetry.Exporter.OneCollector is a .NET exporter that
CVE-2026-41484 — OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to...
CVE-2026-41483 — OpenTelemetry.Resources.Azure is the .NET resource detector
CVE-2026-41483 — OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure...
CVE-2026-41417 — Netty allows request-line validation to be bypassed when a
CVE-2026-41417 — Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`....