CVE-2026-35620
Status: Received - Intake
Authorization Bypass in OpenClaw Chat Commands Allows Privilege Escalation

Publication date: 2026-04-10

Last updated on: 2026-04-13

Assigner: VulnCheck

Description
OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce operator.admin scope. Attackers with operator.write scope can invoke /send on|off|inherit to persistently mutate the current session's sendPolicy, and execute /allowlist add commands to modify config-backed allowFrom entries and pairing-store allowlist entries without proper admin authorization.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-04-10
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: all versions before 2026.3.24 (2026.3.24 itself is excluded, i.e. fixed)
CWE
CWE-862 (Missing Authorization): The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-35620 is an authorization bypass vulnerability in OpenClaw versions before 2026.3.24. It involves missing authorization checks in the /send and /allowlist chat command handlers.

Specifically, the /send command allows users who are authorized to run commands but are not the session owner to change session delivery policy settings that should be restricted to owners only. Attackers with operator.write scope can use the /send commands (on, off, inherit) to persistently modify the current session's sendPolicy.

Additionally, the /allowlist mutating commands fail to enforce the required operator.admin scope, enabling attackers with operator.write scope to execute /allowlist add commands. This allows unauthorized modification of configuration-backed allowFrom entries and pairing-store allowlist entries without proper admin authorization.

In summary, this vulnerability allows lower-privileged users to bypass intended owner-only and admin-only restrictions on certain commands, leading to unauthorized persistent changes in session policies and allowlist configurations.


How can this vulnerability impact me?

This vulnerability lets a caller that holds only operator.write scope, and that is not the owner of the session, change session delivery policy and add allowlist entries that should require owner or operator.admin authorization.

Specifically, such a caller can set the session's sendPolicy to on, off, or inherit via /send, enabling or suppressing message delivery in ways the session owner did not choose. The change is persistent, so it stays in effect after the attacker's own interaction with the session ends.

The same caller can run /allowlist add to write new config-backed allowFrom entries and pairing-store allowlist entries. Those entries decide which senders the instance accepts, so an attacker can grant access to identities the administrator never approved, and the grant survives in configuration until someone notices and removes it.

Nothing in the advisory indicates code execution, sandbox escape, or cross-host compromise. The impact is disrupted session behaviour and weakened access control, which undermines the integrity of your OpenClaw environment and the trust you place in its allowlists.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There is no network-level signature for this flaw: /send and /allowlist are ordinary chat commands that owners and admins use legitimately. Detection is therefore an authorization audit on instances running a version before 2026.3.24: find invocations of these commands by senders who should not have been allowed to run them.

Specifically, look for the following in your command logs or histories:

  • /send on, /send off, or /send inherit issued by a sender who is not the owner of the session the command ran in.
  • /allowlist add (and any other mutating /allowlist subcommand your build offers) issued by a sender who holds operator.write but not operator.admin scope.

The advisory provides no detection commands of its own, so you have to work from whatever your deployment logs. A first pass with grep narrows the log to the commands of interest; substitute your actual log path, which is not given here:

  • grep -E '/send (on|off|inherit)' <openclaw-command-log> lists every sendPolicy change; keep only the hits whose sender is not the session owner.
  • grep -E '/allowlist add' <openclaw-command-log> lists every allowlist mutation; keep only the hits whose sender lacks operator.admin scope.

The grep hits alone are not findings: an owner changing sendPolicy or an admin adding an allowlist entry is expected behaviour. Each hit has to be joined with the sender's identity and scope at the time of the command, so the log you audit must record who issued the command and what they held, or you must reconstruct that from your operator configuration. Also diff the current sendPolicy of each session and the allowFrom and pairing-store entries against what you expect, since the mutations persist even when the command that made them is no longer in the log window.
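The audit above, run over a few constructed log lines, as an added example that is not part of the original page and not OpenClaw's own tooling. It assumes a JSON-lines command log with sender, isOwner, scopes and command fields; OpenClaw's real log format is not stated on this page, so the parsing is the part you would adapt. The advisory's two conditions are checked separately: a /send policy change by a non-owner, and an /allowlist add by a sender without operator.admin.

```typescript
// Added example, not OpenClaw's code: audit a command log for the two patterns
// CVE-2026-35620 describes. The JSON-lines format below is an ASSUMPTION made for
// this example; OpenClaw's real log format is not stated on this page, so adapt
// the parsing to whatever your deployment records.

interface CommandEvent {
  ts: string;
  sender: string;
  isOwner: boolean;   // is the sender the owner of the session the command ran in?
  scopes: string[];   // operator scopes held by the sender, e.g. "operator.write"
  command: string;    // the chat command line as typed
}

interface Finding {
  line: number;
  sender: string;
  reason: string;
}

// Owner-only: /send on|off|inherit mutates the session's sendPolicy.
const SEND_POLICY_RE = /^\/send\s+(on|off|inherit)\b/;
// Admin-only: /allowlist add writes allowFrom / pairing-store allowlist entries.
// The advisory speaks of "mutating commands" generally; extend this pattern if
// your build has other mutating /allowlist subcommands.
const ALLOWLIST_ADD_RE = /^\/allowlist\s+add\b/;

function auditCommandLog(text: string): Finding[] {
  const findings: Finding[] = [];
  text.split("\n").forEach((raw, idx) => {
    const lineNo = idx + 1;
    if (raw.trim() === "") return;
    let ev: CommandEvent;
    try {
      ev = JSON.parse(raw) as CommandEvent;
    } catch {
      // A line we cannot parse is itself worth a look during an incident review.
      findings.push({ line: lineNo, sender: "?", reason: "unparseable log line" });
      return;
    }
    const cmd = ev.command.trim();
    if (SEND_POLICY_RE.test(cmd) && !ev.isOwner) {
      findings.push({ line: lineNo, sender: ev.sender, reason: `non-owner changed sendPolicy: ${cmd}` });
    }
    if (ALLOWLIST_ADD_RE.test(cmd) && !ev.scopes.includes("operator.admin")) {
      findings.push({ line: lineNo, sender: ev.sender, reason: `allowlist mutation without operator.admin: ${cmd}` });
    }
  });
  return findings;
}

// Constructed sample log (not real OpenClaw output). Lines 2 and 3 are the abuse
// patterns; line 1 (owner) and line 4 (admin) are legitimate uses of the same
// commands, and lines 5 and 6 are non-mutating commands that must not alert.
const SAMPLE_LOG = [
  '{"ts":"2026-04-11T09:00:00Z","sender":"alice","isOwner":true,"scopes":["operator.admin"],"command":"/send off"}',
  '{"ts":"2026-04-11T09:01:00Z","sender":"bob","isOwner":false,"scopes":["operator.write"],"command":"/send inherit"}',
  '{"ts":"2026-04-11T09:02:00Z","sender":"bob","isOwner":false,"scopes":["operator.write"],"command":"/allowlist add telegram:123456"}',
  '{"ts":"2026-04-11T09:03:00Z","sender":"carol","isOwner":false,"scopes":["operator.admin"],"command":"/allowlist add discord:42"}',
  '{"ts":"2026-04-11T09:04:00Z","sender":"bob","isOwner":false,"scopes":["operator.write"],"command":"/allowlist list"}',
  '{"ts":"2026-04-11T09:05:00Z","sender":"bob","isOwner":false,"scopes":["operator.write"],"command":"/help"}',
].join("\n");

for (const f of auditCommandLog(SAMPLE_LOG)) {
  console.log(`line ${f.line} sender=${f.sender}: ${f.reason}`);
}
```

On the constructed log the audit reports exactly lines 2 and 3 (both from bob), and nothing for the owner, the admin, or the read-only commands. The point of keeping the two checks separate is that they key on different facts: session ownership for /send, scope membership for /allowlist, which is also the split the fix has to enforce.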


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade OpenClaw to version 2026.3.24 or later, where patches have been applied to enforce proper authorization checks on the /send and /allowlist commands.

Until you can upgrade, consider the following immediate actions:

  • Shrink the set of senders who hold operator.write (or are otherwise command-authorized) to those you would trust with owner-level session changes, because the vulnerable handlers enforce nothing beyond command authorization.
  • Audit and monitor command usage for /send on|off|inherit by non-owners and /allowlist add by non-admins, and revert any change you did not authorize.
  • If your deployment sits behind a gateway or bot layer you control, filter or drop these commands from non-owner or non-admin senders there as a temporary front-door control.

After upgrading, review the current sendPolicy of every session and the allowFrom and pairing-store allowlist entries: the mutations persist, so a change made before the patch survives the patch.

The root cause is a missing authorization check (CWE-862). Each mutating command handler must verify the caller's relationship to the session (owner) and the caller's scope (operator.admin) at the point where the mutation happens, rather than relying on a generic "may run commands" gate upstream.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

CVE-2026-35620 is an authorization bypass vulnerability in OpenClaw that allows non-owner users with certain command authorization to persistently modify session delivery policies and allowlist entries without proper admin authorization.

This improper authorization could lead to unauthorized changes in session behavior and access control configurations, potentially exposing sensitive communication or allowing unauthorized access.

Such unauthorized modifications may impact compliance with standards and regulations like GDPR or HIPAA, which require strict access controls and protection of personal or sensitive data.

Specifically, failure to enforce proper authorization could result in unauthorized data access or alteration, which may violate data protection principles mandated by these regulations.

However, the CVE description and resources do not explicitly mention compliance impacts or regulatory considerations.

