CVE-2026-27524
Status: Received - Intake
Prototype Pollution in OpenClaw /debug Set Allows Privilege Bypass

Publication date: 2026-03-18

Last updated on: 2026-03-25

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject __proto__, constructor, or prototype keys to manipulate object prototypes and bypass command gate restrictions.
Meta Information
Published: 2026-03-18
Last Modified: 2026-03-25
Generated: 2026-05-07
AI Q&A: 2026-03-18
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
1 associated CPE
Vendor: openclaw
Product: openclaw
Version / Range: all versions before 2026.2.21 (2026.2.21 itself excluded)
Helpful Resources
CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes, "Prototype Pollution"): The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-27524 is a prototype pollution vulnerability affecting OpenClaw versions prior to 2026.2.21. It occurs because the runtime `/debug set` override feature accepts prototype-reserved keys such as `__proto__`, `constructor`, and `prototype` within override object values.

Authorized callers to the `/debug set` endpoint can inject these reserved keys to manipulate the object's prototype chain at runtime. This manipulation allows attackers to bypass command gate restrictions by enabling commands through inherited prototype properties.

The vulnerability is considered low severity and requires an authorized caller with access to the `/debug set` endpoint, meaning no unauthenticated attack vector exists. The issue was fixed in version 2026.2.21 by blocking prototype key injection and enforcing strict own-property checks on command flags. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability allows an authorized user with access to the `/debug set` endpoint to inject prototype-reserved keys and manipulate object prototypes at runtime.

By exploiting this, an attacker can bypass command gate restrictions, potentially enabling privileged commands such as `bash`, `config`, or `debug` that should otherwise be restricted.

Although the impact is limited by the requirement of authorized access and the `/debug` endpoint being disabled by default, it poses a defense-in-depth risk by allowing unauthorized behavior within the runtime environment.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves prototype pollution via the runtime `/debug set` override feature in OpenClaw versions prior to 2026.2.21. Detection means verifying whether prototype-reserved keys such as `__proto__`, `constructor`, or `prototype` have been injected into runtime override objects.

Since exploitation requires authorized access to the `/debug set` endpoint, detection can focus on monitoring authorized calls to this endpoint and inspecting override objects for presence of prototype-reserved keys.

Specific commands or checks to detect this vulnerability are not explicitly provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to upgrade OpenClaw to version 2026.2.21 or later, where the vulnerability is fixed.

  • The patched version blocks prototype-reserved keys during runtime override merges and sanitizes nested object values to remove such keys.
  • It enforces strict own-property boolean flag checks on restricted command gates (`bash`, `config`, `debug`) to prevent enabling commands via prototype inheritance.
  • Disable or restrict access to the `/debug set` endpoint to only fully trusted and authorized users, as exploitation requires authorized access.

Additional security hardenings in the patch include improved gating logic and environment sanitization to prevent unauthorized command execution and environment manipulation.
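The merge and gate-check patterns described in the impact and mitigation answers above, shown side by side as an added JavaScript example. This is not OpenClaw's code: the function names, the `gates` object shape (where a restricted command that is absent is disabled) and the override payload are assumptions made for the illustration. The `removed` path list returned by the hardened merge is also the kind of evidence the detection answer above asks for when auditing `/debug set` calls.

```javascript
// Added illustration for the advisory above; not OpenClaw's code. The names
// below (unsafeMerge, safeMerge, isCommandEnabled*, the `gates` shape) and the
// override payload are assumptions made for this example.
const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Constructed attacker payload: an override object an authorised /debug set
// caller might submit. JSON.parse creates an *own* property literally named
// "__proto__", so Object.keys sees it and it reaches the merge below.
const ATTACK_PAYLOAD =
  '{"logLevel":"debug","__proto__":{"bash":true},"nested":{"__proto__":{"config":true}}}';

// Vulnerable pattern (pre-fix): a deep merge that follows whatever keys the
// caller supplies. target["__proto__"] resolves to Object.prototype, so the
// nested values land on the prototype shared by every plain object.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened path, step 1: strip reserved keys at every depth, recording the
// paths where they were found (what a /debug set audit log would want).
function stripReservedKeys(value, path = '', removed = []) {
  if (!value || typeof value !== 'object') return { clean: value, removed };
  if (Array.isArray(value)) {
    const clean = value.map((v, i) => stripReservedKeys(v, `${path}[${i}]`, removed).clean);
    return { clean, removed };
  }
  const clean = {};
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (RESERVED_KEYS.has(key)) { removed.push(here); continue; }
    clean[key] = stripReservedKeys(value[key], here, removed).clean;
  }
  return { clean, removed };
}

// Hardened path, step 2: merge the sanitised copy into own properties only,
// never descending into an object the target merely inherits.
function safeMerge(target, source) {
  const { clean, removed } = stripReservedKeys(source);
  const merge = (dst, src) => {
    for (const key of Object.keys(src)) {
      if (RESERVED_KEYS.has(key)) continue; // defence in depth; already stripped
      const value = src[key];
      if (value && typeof value === 'object' && !Array.isArray(value)) {
        const ownObject = Object.prototype.hasOwnProperty.call(dst, key) &&
          dst[key] && typeof dst[key] === 'object';
        if (!ownObject) dst[key] = {};
        merge(dst[key], value);
      } else {
        dst[key] = value;
      }
    }
  };
  merge(target, clean);
  return { target, removed };
}

// Command gate checks. The loose check follows the prototype chain, so a
// polluted Object.prototype enables a command that was never configured. The
// strict check is what the fix above requires: an own property that is exactly true.
function isCommandEnabledLoose(gates, command) {
  return Boolean(gates[command]);
}
function isCommandEnabledStrict(gates, command) {
  return Object.prototype.hasOwnProperty.call(gates, command) && gates[command] === true;
}

function demoVulnerable() {
  const gates = { help: true };                 // bash/config/debug absent = disabled
  unsafeMerge({}, JSON.parse(ATTACK_PAYLOAD));  // merged into a throwaway object...
  const result = {
    bashLoose: isCommandEnabledLoose(gates, 'bash'),     // ...yet bash now reads as enabled
    configLoose: isCommandEnabledLoose(gates, 'config'),
    bashStrict: isCommandEnabledStrict(gates, 'bash'),   // own-property check still says no
    polluted: Object.prototype.hasOwnProperty.call(Object.prototype, 'bash'),
  };
  delete Object.prototype.bash;   // undo the pollution so the rest of the process is unaffected
  delete Object.prototype.config;
  return result;
}

function demoHardened() {
  const gates = { help: true };
  const { target, removed } = safeMerge({}, JSON.parse(ATTACK_PAYLOAD));
  return {
    removed,                                             // paths of the rejected keys
    bashLoose: isCommandEnabledLoose(gates, 'bash'),     // false: nothing reached the prototype
    bashStrict: isCommandEnabledStrict(gates, 'bash'),
    merged: target,                                      // only the non-reserved overrides
  };
}

console.log('vulnerable:', demoVulnerable());
console.log('hardened:', demoHardened());
```

Filtering by key name is necessary because a parsed JSON `"__proto__"` key is an ordinary own property and only becomes dangerous when a merge reads it back through bracket access on the target. The strict gate check closes the second half of the bug: even if some other code path pollutes `Object.prototype`, an inherited `true` is never accepted as an enabled flag. Storing gates in an `Object.create(null)` object or a `Map` would remove the inheritance route entirely.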

