Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-27524 is a prototype pollution vulnerability affecting OpenClaw versions prior to 2026.2.21. It occurs because the runtime `/debug set` override feature accepts prototype-reserved keys such as `__proto__`, `constructor`, and `prototype` within override object values.'}, {'type': 'paragraph', 'content': "Authorized callers to the `/debug set` endpoint can inject these reserved keys to manipulate the object's prototype chain during runtime. This manipulation allows attackers to bypass command gate restrictions by enabling commands through inherited prototype properties."}, {'type': 'paragraph', 'content': 'The vulnerability is considered low severity and requires an authorized caller with access to the `/debug set` endpoint, meaning no unauthenticated attack vector exists. The issue was fixed in version 2026.2.21 by blocking prototype key injection and enforcing strict own-property checks on command flags.'}] [1, 2, 3]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an authorized user with access to the `/debug set` endpoint to inject prototype-reserved keys and manipulate object prototypes at runtime.

By exploiting this, an attacker can bypass command gate restrictions, potentially enabling privileged commands such as `bash`, `config`, or `debug` that should otherwise be restricted.

Although the impact is limited by the requirement of authorized access and the `/debug` endpoint being disabled by default, it poses a defense-in-depth risk by allowing unauthorized behavior within the runtime environment.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves prototype pollution via the runtime `/debug set` override feature in OpenClaw versions prior to 2026.2.21. Detection requires verifying if unauthorized prototype-reserved keys such as `__proto__`, `constructor`, or `prototype` have been injected into runtime override objects.

Since exploitation requires authorized access to the `/debug set` endpoint, detection can focus on monitoring authorized calls to this endpoint and inspecting override objects for presence of prototype-reserved keys.

Specific commands or checks to detect this vulnerability are not explicitly provided in the available resources.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade OpenClaw to version 2026.2.21 or later, where the vulnerability is fixed.

• The patched version blocks prototype-reserved keys during runtime override merges and sanitizes nested object values to remove such keys.
• It enforces strict own-property boolean flag checks on restricted command gates (`bash`, `config`, `debug`) to prevent enabling commands via prototype inheritance.
• Disable or restrict access to the `/debug set` endpoint to only fully trusted and authorized users, as exploitation requires authorized access.

Additional security hardenings in the patch include improved gating logic and environment sanitization to prevent unauthorized command execution and environment manipulation.

Useful 0 Not Useful 0