OpenClaw CVE-2026-45001: Gateway Bypass Exposes Operator Settings

/HIGH /CVSS 7.1/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severityserver-side-request-forgerycwe-862
OpenClaw CVE-2026-45001: Gateway Bypass Exposes Operator Settings

The National Vulnerability Database has detailed CVE-2026-45001, a high-severity guard bypass vulnerability affecting OpenClaw before version 2026.4.20. This flaw resides in the agent-facing gateway’s config.patch and config.apply endpoints, failing to adequately protect critical operator-trusted settings.

An attacker exploiting this vulnerability, particularly through a prompt-injected model with access to the owner-only gateway tool, could persist unauthorized changes. The exposed settings are extensive, including sandbox policy, plugin enablement, gateway authentication/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. This level of access grants an attacker significant control over the system’s security posture.

The CVSSv3.1 score of 7.1 (High) with a vector of AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N underscores the severity. While confidentiality impact is low, the high integrity impact means an attacker can significantly alter configurations, potentially leading to further compromise or persistence. The lack of specific affected product details from the National Vulnerability Database means defenders should assume broad applicability within OpenClaw environments.

What This Means For You

  • If your organization uses OpenClaw, immediately audit your versions. Prioritize patching to OpenClaw 2026.4.20 or later to mitigate CVE-2026-45001. Review gateway configurations and operator-trusted settings for any unauthorized changes, especially those related to authentication, sandbox policies, and SSRF controls. This vulnerability grants an attacker the ability to fundamentally alter your security architecture.

Related ATT&CK Techniques

T1505.003 Server Software Component: Gateway Persistence T1078.001 Default Accounts: Default Accounts Persistence T1574.002 Hijack Execution Flow: DLL Side-Loading Persistence

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1505.003 Persistence

CVE-2026-45001: OpenClaw Gateway Bypass for Operator Settings

Sigma YAML — free preview 
title: CVE-2026-45001: OpenClaw Gateway Bypass for Operator Settings
id: scw-2026-05-11-ai-1
status: experimental
level: critical
description: |
  Detects attempts to access the OpenClaw agent-facing gateway config.patch and config.apply endpoints. Successful exploitation of CVE-2026-45001 allows an attacker with owner-only gateway tool access to bypass guards and modify operator-trusted settings, leading to persistence or further compromise.
author: SCW Feed Engine (AI-generated)
date: 2026-05-11
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-45001/
tags:
  - attack.persistence
  - attack.t1505.003
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/config.patch'
          - '/config.apply'
      cs-method|exact:
          - 'POST'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-45001 Auth Bypass OpenClaw before 2026.4.20
CVE-2026-45001 Auth Bypass agent-facing gateway config.patch endpoint
CVE-2026-45001 Auth Bypass agent-facing gateway config.apply endpoint
CVE-2026-45001 Misconfiguration operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 11, 2026 at 21:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-8321: Inkeep Agents Authentication Bypass Vulnerability

CVE-2026-8321 — A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware....

vulnerabilityCVEhigh-severityauthentication-bypasscwe-287cwe-288
/SCW Vulnerability Desk /HIGH /7.3 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-8320 — Jishenghua JshERP Server-Side Request Forgery

CVE-2026-8320 — A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the...

vulnerabilityCVEmedium-severityserver-side-request-forgerycwe-918
/SCW Vulnerability Desk /MEDIUM /4.7 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-8319 — A weakness has been identified in aiwaves-cn agents up to

CVE-2026-8319 — A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/cat/looking_glass/stray_cat.py...

vulnerabilityCVEmedium-severitycwe-400cwe-404
/SCW Vulnerability Desk /MEDIUM /5.3 /⚑ 3 IOCs /⚙ 2 Sigma