OpenClaw Improper Access Control Bypasses Denylist, Allows Persistent Malicious Configs

The National Vulnerability Database has published CVE-2026-45006, a high-severity (CVSS 8.8) improper access control vulnerability in OpenClaw before version 2026.4.23. The flaw is in the gateway tool's config.apply and config.patch operations: writes through them were guarded by a denylist of unsafe settings, and that denylist was incomplete, so a compromised model could write configuration changes the denylist was meant to block.

Because the changes land in the persisted configuration, they survive restarts. An attacker who controls the model can alter settings that govern command execution, network behavior, credentials, and operator policies, and the altered behavior stays in force until someone notices and reverts it. The impact is therefore persistence and control over how the gateway acts, not a single bad action.

The broader lesson is that a denylist is a weak primary control for a configuration-write interface: it blocks only the specific keys its author thought of, and any unlisted path to a sensitive setting is an open door. An allowlist of the settings a model is permitted to change, checked against the same normalized path the writer actually uses, is the safer default. Under the vulnerable design, once a model is compromised the attacker gains a lasting foothold in the gateway's behavior and data rather than a one-off action.

What This Means For You

  • If your organization runs OpenClaw, upgrade to 2026.4.23 or newer now. Then audit the gateway's persisted configuration, in particular the settings for command execution, network policy, credentials, and operator policies, against a known-good baseline, and treat any change you cannot attribute to an operator as possible exploitation of CVE-2026-45006. If an unpatched gateway was exposed to untrusted model inputs, do not trust the current configuration; verify it.
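The following is an added illustration, written for this page and not OpenClaw's code, of the two points above: why a denylist on a config-write operation fails while an allowlist holds, and how a baseline audit surfaces the resulting change. The advisory does not describe the actual CVE-2026-45006 bypass, so the configuration schema, the dotted-path syntax, the guard functions and the three bypass payloads are all constructed to show the general failure mode, not the real one.

```python
"""Denylist vs allowlist guards on a configuration-write API, plus a baseline audit.

Added illustration, not OpenClaw code. CVE-2026-45006 is described as an
incomplete denylist on config.apply/config.patch; the exact bypass is not
given in the advisory, so the config keys, path syntax and bypass payloads
below are constructed to show the general failure mode.
"""
from __future__ import annotations

import copy
from typing import Any

# Hypothetical schema: top-level sections a naive denylist tries to protect.
DENYLIST = {"exec", "network", "credentials", "policy"}
# Sections a model-initiated write may touch; everything else is refused.
MODEL_ALLOWLIST = {"ui", "prompt"}
# Sections whose change warrants investigation during a post-patch audit.
SENSITIVE = DENYLIST | {"tools"}

Op = dict[str, Any]  # {"path": "section.key", "value": ...}


def normalize(path: str) -> list[str]:
    """Path normalization the writer applies: drops empty segments, folds case."""
    return [seg.lower() for seg in path.split(".") if seg]


def denylist_guard(ops: list[Op]) -> bool:
    """Vulnerable pattern: checks the raw first segment, not the normalized path."""
    return not any(op["path"].split(".")[0] in DENYLIST for op in ops)


def allowlist_guard(ops: list[Op], allowed: set[str] = MODEL_ALLOWLIST) -> bool:
    """Hardened pattern: normalize exactly as the writer does, then require membership."""
    for op in ops:
        segs = normalize(op["path"])
        if len(segs) < 2 or segs[0] not in allowed:
            return False
    return True


def apply_ops(config: dict, ops: list[Op]) -> dict:
    """Write each op into a copy of config, creating intermediate sections."""
    cfg = copy.deepcopy(config)
    for op in ops:
        segs = normalize(op["path"])
        node = cfg
        for seg in segs[:-1]:
            node = node.setdefault(seg, {})
        node[segs[-1]] = op["value"]
    return cfg


def guarded_write(config: dict, ops: list[Op], guard) -> dict | None:
    """Return the new config if the guard accepts the ops, else None."""
    return apply_ops(config, ops) if guard(ops) else None


def flatten(node: dict, prefix: tuple = ()) -> dict[tuple, Any]:
    """Map every leaf of a nested dict to its path tuple."""
    out: dict[tuple, Any] = {}
    for k, v in node.items():
        if isinstance(v, dict):
            out.update(flatten(v, prefix + (k,)))
        else:
            out[prefix + (k,)] = v
    return out


def audit(baseline: dict, current: dict) -> list[str]:
    """Dotted paths under SENSITIVE sections whose value differs from the baseline."""
    b, c = flatten(baseline), flatten(current)
    changed = {p for p in b.keys() | c.keys() if b.get(p) != c.get(p)}
    return sorted(".".join(p) for p in changed if p[0] in SENSITIVE)


# Constructed baseline config (not OpenClaw's real schema).
BASE = {
    "exec": {"shell": "/bin/sh", "allowed_commands": ["ls", "cat"]},
    "tools": {"shell_enabled": False},
    "ui": {"theme": "dark"},
}

# Three constructed payloads that slip past the denylist but not the allowlist.
BYPASSES: list[list[Op]] = [
    [{"path": ".exec.allowed_commands", "value": ["*"]}],  # leading dot: "" is not denied
    [{"path": "EXEC.shell", "value": "/bin/bash"}],         # case folded only by the writer
    [{"path": "tools.shell_enabled", "value": True}],       # sensitive section never listed
]
BENIGN: list[Op] = [{"path": "ui.theme", "value": "light"}]

if __name__ == "__main__":
    for ops in BYPASSES:
        written = guarded_write(BASE, ops, denylist_guard)
        print(ops[0]["path"], "| denylist accepted:", written is not None,
              "| allowlist accepted:", allowlist_guard(ops),
              "| audit:", audit(BASE, written or BASE))
```

The point to take from the three payloads is that each one exploits a gap between what the guard inspects and what the writer does (raw vs normalized path, case, an unlisted section). The allowlist closes all three because it is evaluated on the writer's own normalized view and refuses anything it does not recognize. The audit function is the post-patch check the bullet above asks for: diff the live configuration against a baseline and report changes under the sensitive sections.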

Detection Rules

The page lists 3 auto-generated detection rules for this advisory (exportable to 6 SIEM formats); only the first is reproduced here as Sigma YAML. The rules are AI-generated and mapped to MITRE ATT&CK. Note that T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) is a loose fit for persistence through a gateway configuration store, so treat the mapping as approximate, and review the selection logic against your gateway's real request format before deploying the rule.

Rule 1 (level: critical, ATT&CK T1547.001 Persistence): CVE-2026-45006 - OpenClaw config.apply Unsafe Configuration Write

Sigma YAML:
title: CVE-2026-45006 - OpenClaw config.apply/config.patch Unsafe Configuration Write
id: scw-2026-05-11-ai-1
status: experimental
level: critical
description: |
  Detects successful POST requests to the OpenClaw gateway config.apply and config.patch operations, which in versions before 2026.4.23 are subject to an improper access control flaw (incomplete denylist) that lets a compromised model write unsafe, persistent configuration changes. The URI patterns below assume the operations are exposed as HTTP paths that contain the operation name; adjust them to the gateway's actual request format before deployment.
author: SCW Feed Engine (AI-generated)
date: 2026-05-11
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-45006/
tags:
  - attack.persistence
  - attack.t1547.001
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/config.apply'
      - '/config.patch'
    cs-method: 'POST'
    sc-status: 200
  condition: selection
falsepositives:
  - Legitimate administrative activity
  - Deployment automation that applies configuration through the same operations

Source: Shimi's Cyber World
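The script below is an added example, not from the page, the feed engine or OpenClaw, that runs the rule's selection logic over a few constructed W3C extended web-server log lines (the "webserver" logsource), so the rule's behavior can be checked offline before it is loaded into a SIEM. It matches what the Sigma rule expresses (POST, status 200, URI naming config.apply or config.patch) and adds two things the YAML does not: case-insensitive matching of the operation name, and a second-stage filter that keeps only writes made by a principal that is not a known operator, which is the page's stated false-positive case. The log sample, field names, paths, IPs and usernames are all constructed.

```python
"""Run the Sigma rule's logic over constructed W3C extended web-server log lines.

Added example, not from the page or OpenClaw. Field names follow the W3C
extended log format; the rule's cs-uri corresponds to cs-uri-stem here.
"""
from __future__ import annotations

OPERATIONS = ("config.apply", "config.patch")

# Constructed sample log; every host, IP, path and username is made up.
SAMPLE_LOG = """\
#Software: example-gateway
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs-username
2026-05-11 21:10:03 10.0.0.5 POST /api/config.apply - 200 model-runner
2026-05-11 21:10:07 10.0.0.5 GET /api/config.get - 200 model-runner
2026-05-11 21:11:15 10.0.0.9 POST /api/config.patch scope=gateway 401 -
2026-05-11 21:12:40 10.0.0.5 POST /api/Config.Patch - 200 model-runner
2026-05-11 21:13:02 10.0.0.7 POST /api/config.apply - 200 operator
2026-05-11 21:13:30 10.0.0.7 POST /api/tools/run - 200 operator
"""


def parse_w3c(text: str):
    """Yield one dict per data line, keyed by the names in the #Fields directive."""
    fields: list[str] | None = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than mis-key the fields
        yield dict(zip(fields, values))


def matches_rule(rec: dict[str, str]) -> bool:
    """The Sigma selection: URI names config.apply/config.patch, method POST, status 200."""
    uri = rec.get("cs-uri-stem", "").lower()  # fold case so /Config.Patch is not missed
    return (
        rec.get("cs-method") == "POST"
        and rec.get("sc-status") == "200"
        and any(op in uri for op in OPERATIONS)
    )


def detect(text: str) -> list[dict[str, str]]:
    """All records in the log that satisfy the rule."""
    return [rec for rec in parse_w3c(text) if matches_rule(rec)]


def suspicious(hits: list[dict[str, str]], operators: frozenset[str]) -> list[dict[str, str]]:
    """Second stage: keep config writes not performed by a known operator identity."""
    return [h for h in hits if h.get("cs-username") not in operators]


if __name__ == "__main__":
    for h in suspicious(detect(SAMPLE_LOG), frozenset({"operator"})):
        print(h["date"], h["time"], h["c-ip"], h["cs-username"], h["cs-uri-stem"])
```

On the sample, the rule alone fires three times (two writes by model-runner and one by operator); the failed 401 attempt and the GET are ignored, and the mixed-case /api/Config.Patch is caught only because the URI is lower-cased before matching. The second stage drops the operator's write, leaving the two model-initiated writes, which is the event this CVE is about. In a SIEM, the set of operator identities would come from your identity source rather than a hard-coded frozenset.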


Indicators of Compromise

These entries describe the affected component rather than network or host observables; use them to scope exposure, not to match traffic.

ID             | Type                    | Indicator
CVE-2026-45006 | Auth Bypass             | OpenClaw gateway tool config.apply operation
CVE-2026-45006 | Auth Bypass             | OpenClaw gateway tool config.patch operation
CVE-2026-45006 | Misconfiguration        | OpenClaw before 2026.4.23
CVE-2026-45006 | Improper Access Control | OpenClaw gateway tool incomplete denylist protection bypass
Source & Attribution
Source Platform: NVD
Channel: National Vulnerability Database
Published: May 11, 2026 at 21:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.


Related coverage

CVE-2026-8318 — VectifyAI PageIndex Vulnerability

CVE-2026-8318 — A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file...

Tags: vulnerability, CVE, medium-severity, CWE-404, CWE-835 · SCW Vulnerability Desk · MEDIUM (CVSS 5.3) · 3 IOCs · 2 Sigma rules

Crabbox Path Traversal (CVE-2026-45224) Enables Arbitrary File Deletion

CVE-2026-45224 — Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative...

Tags: vulnerability, CVE, high-severity, path-traversal, CWE-22 · SCW Vulnerability Desk · HIGH (CVSS 7.1) · 4 IOCs

CVE-2026-45223: Crabbox Authentication Bypass Allows Admin Privilege Escalation

CVE-2026-45223 — Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing...

Tags: vulnerability, CVE, high-severity, authentication-bypass, CWE-290 · SCW Vulnerability Desk · HIGH (CVSS 8.8) · 5 IOCs · 3 Sigma rules