CVE-2026-35674
Status: Awaiting Analysis - Queue
OpenClaw Gateway Scope Bypass in Chat.send Route

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulnCheck

Description
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scope requirements, enabling unauthorized plugin, config, MCP, allowlist, and ACP mutations.
Meta Information
Published: 2026-05-29
Last Modified: 2026-05-29
Generated: 2026-05-29
AI Q&A: 2026-05-29
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: openclaw
Product: openclaw
Version / Range: all versions before 2026.5.18 (2026.5.18 itself excluded)
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in OpenClaw versions before 2026.5.18 and involves a scope bypass in the Gateway chat.send route.

Clients with the operator.write scope can exploit inherited external routes to execute commands that normally require higher privileges such as operator.approvals or operator.admin.

This allows attackers to perform unauthorized actions including modifying plugins, configurations, MCP settings, allowlists, and ACP settings.

The root cause is incorrect authorization (CWE-863) and missing authorization (CWE-862) in the handling of scoped commands delivered through inherited routes.
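To make the CWE-863 pattern concrete, here is a constructed model of the check the description implies, written for this page and not taken from OpenClaw. It assumes that a command nested in a chat.send payload has its own required scope, that a session can inherit a scope from the external route it was created on, and the command names themselves are invented; the vulnerable dispatcher merges the inherited route scope into the client's privileges, the fixed one authorizes the nested command against the client's own token only.

```python
from dataclasses import dataclass
from typing import Optional

# Required scope per command class as listed in the CVE description;
# the concrete command names are assumed for this example.
REQUIRED_SCOPE = {
    "chat.send": "operator.write",
    "plugin.install": "operator.admin",
    "config.set": "operator.admin",
    "mcp.update": "operator.admin",
    "allowlist.add": "operator.approvals",
    "acp.set": "operator.approvals",
}

@dataclass(frozen=True)
class Client:
    scopes: frozenset  # scopes carried by the client's own token

@dataclass(frozen=True)
class Session:
    inherited_route_scope: Optional[str]  # scope granted to the external route

def _entry_allowed(client: Client) -> bool:
    # Delivering into chat.send only requires operator.write.
    return REQUIRED_SCOPE["chat.send"] in client.scopes

def dispatch_vulnerable(client: Client, session: Session, command: str) -> bool:
    """CWE-863 pattern: the nested command is authorized against the client's
    scopes merged with the session's inherited route scope, so an
    operator.write client inherits whatever the route was granted."""
    if not _entry_allowed(client):
        return False
    effective = set(client.scopes)
    if session.inherited_route_scope:
        effective.add(session.inherited_route_scope)
    return REQUIRED_SCOPE.get(command) in effective

def dispatch_fixed(client: Client, session: Session, command: str) -> bool:
    """Authorize the nested command against the client's own token only;
    the delivery path (session) adds no privilege, unknown commands are denied."""
    if not _entry_allowed(client):
        return False
    needed = REQUIRED_SCOPE.get(command)
    return needed is not None and needed in client.scopes
```

The same decision logic can be mirrored in an audit rule: any nested command whose required scope is absent from the calling token is a bypass attempt worth alerting on, whatever route carried it.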


How can this vulnerability impact me?

This vulnerability can have a significant impact by allowing attackers with limited privileges (operator.write) to escalate their permissions and execute high-privilege commands.

  • Unauthorized modification of plugins, which could introduce malicious functionality.
  • Unauthorized changes to configuration settings, potentially destabilizing or compromising the system.
  • Manipulation of MCP, allowlist, and ACP settings, which can affect access control and security policies.

Overall, this can lead to a compromise of confidentiality, integrity, and availability of the affected system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, users should upgrade OpenClaw to version 2026.5.18 or later, which contains the patch for this scope bypass issue.

Additionally, avoid granting operator.write tokens to clients that can deliver commands into sessions with inherited external routes unless those clients are fully trusted with admin-like command effects.

