GHSA-C28G-VH7M-FM7V: Improper Authorization and Privilege Escalation in OpenClaw Command Resolution

DEV Community·CVE Reports·about 1 month ago

Vulnerability ID: GHSA-C28G-VH7M-FM7V
CVSS Score: 5.5
Published: 2026-04-29

OpenClaw contains an improper authorization vulnerability where the framework fails to adequately differentiate between channel-level access rights and administrative command ownership. When a wildcard channel configuration is employed without an explicitly defined owner allowlist, the fallback logic incorrectly grants administrative privileges to any user communicating on that channel.

TL;DR: A flaw in OpenClaw's authorization logic allows unprivileged users to execute administrative commands if the communication channel relies on a wildcard sender policy and an explicit owner allowlist is not configured.…
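The advisory describes a confusion between two separate questions: "may this sender talk on the channel?" and "does this sender own the bot?". The following is an added illustration, not OpenClaw's code, of how a fallback that answers the second question with the first produces the described behaviour, next to a resolver that keeps the two decisions apart and fails closed, plus a small configuration audit a defender can run over their own channel policies. The `ChannelPolicy` shape, the command names and the `find_risky_channels` helper are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Hypothetical set of commands that require bot ownership (not OpenClaw's real list).
ADMIN_COMMANDS = {"restart", "config.set", "tools.enable"}


@dataclass
class ChannelPolicy:
    # Channel-level access: who is allowed to send messages at all. "*" = anyone.
    allowed_senders: Set[str] = field(default_factory=lambda: {"*"})
    # Administrative ownership. None models "owner allowlist not configured".
    owners: Optional[Set[str]] = None


def can_send(policy: ChannelPolicy, sender: str) -> bool:
    """Channel-level access check only; says nothing about ownership."""
    return "*" in policy.allowed_senders or sender in policy.allowed_senders


def resolve_vulnerable(policy: ChannelPolicy, sender: str, command: str) -> str:
    """Flawed pattern: with no owner allowlist, fall back to the channel sender policy.

    On a wildcard channel the fallback set contains "*", so every sender who can
    talk on the channel is treated as an owner for administrative commands.
    """
    if not can_send(policy, sender):
        return "denied"
    if command in ADMIN_COMMANDS:
        owners = policy.owners if policy.owners is not None else policy.allowed_senders
        if "*" in owners or sender in owners:
            return "admin"
        return "denied"
    return "user"


def resolve_hardened(policy: ChannelPolicy, sender: str, command: str) -> str:
    """Ownership is never derived from channel access and never satisfied by a wildcard."""
    if not can_send(policy, sender):
        return "denied"
    if command in ADMIN_COMMANDS:
        # Fail closed: missing, empty, or wildcard owner lists grant nothing.
        if not policy.owners or "*" in policy.owners:
            return "denied"
        return "admin" if sender in policy.owners else "denied"
    return "user"


def find_risky_channels(channels: Dict[str, ChannelPolicy]) -> List[str]:
    """Audit helper: channels that accept any sender but have no explicit owners."""
    return sorted(
        name
        for name, policy in channels.items()
        if "*" in policy.allowed_senders
        and (not policy.owners or "*" in policy.owners)
    )


if __name__ == "__main__":
    # Constructed sample configuration: one wildcard channel with no owners, one with owners.
    channels = {
        "public-room": ChannelPolicy(),
        "ops": ChannelPolicy(allowed_senders={"*"}, owners={"admin-user"}),
    }
    print("vulnerable:", resolve_vulnerable(channels["public-room"], "stranger", "restart"))
    print("hardened: ", resolve_hardened(channels["public-room"], "stranger", "restart"))
    print("audit:    ", find_risky_channels(channels))
```

The audit function is the practical takeaway: until a patched version is deployed, any channel that combines a wildcard sender policy with an absent owner allowlist should be given an explicit owner list, and the resolver should treat a missing allowlist as "no owners" rather than "everyone on the channel".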
