Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-41299 is an authorization bypass vulnerability in the OpenClaw software versions before 2026.3.28. It affects the chat.send gateway method where certain ACP-only provenance fields are protected based on client metadata declared during the WebSocket handshake instead of a verified authorization state.

This flaw allows authenticated operator clients to spoof ACP identity labels and inject reserved provenance fields meant only for the ACP bridge by manipulating their client metadata during connection.

The vulnerability is related to improper authentication and reliance on untrusted inputs in security decisions, classified under CWE-290 and CWE-807.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an authenticated operator client with limited privileges to bypass intended access controls by spoofing ACP identity labels.

By injecting reserved provenance fields, an attacker could impersonate privileged components (ACP bridge), potentially leading to unauthorized actions or data manipulation within the chat gateway.

The impact includes a high integrity risk, meaning that data or operations could be maliciously altered, although confidentiality and availability impacts are low or none.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade OpenClaw to version 2026.3.28 or later, where the issue has been fixed by enforcing verified scope requirements for chat provenance.

This update addresses the authorization bypass by ensuring that ACP-only provenance fields are gated by verified authorization states rather than self-declared client metadata.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves spoofing ACP identity labels by manipulating client metadata during the WebSocket handshake in the chat.send gateway method of OpenClaw versions prior to 2026.3.28.

To detect this vulnerability on your system or network, you should monitor WebSocket handshake metadata for unauthorized or suspicious client metadata fields that attempt to inject ACP-only provenance fields.

Specifically, you can capture and analyze WebSocket handshake traffic to identify clients declaring ACP identity labels without verified authorization.

• Use network packet capture tools like tcpdump or Wireshark to capture WebSocket handshake traffic on the relevant ports.
• Example tcpdump command to capture WebSocket handshake traffic (assuming default port 80 or 443):
• tcpdump -i <interface> -s 0 -w capture.pcap 'tcp port 80 or tcp port 443'
• Analyze the captured traffic with Wireshark or similar tools to inspect WebSocket handshake headers for suspicious client metadata fields.
• Alternatively, enable detailed logging on the OpenClaw gateway component to log client metadata received during WebSocket handshakes and review logs for unauthorized ACP identity labels.

Since the vulnerability is related to authorization bypass by spoofing client metadata, detection involves identifying unexpected or unauthorized provenance fields in client metadata during connection establishment.

Useful 0 Not Useful 0