CVE-2026-35674
OpenClaw Gateway Scope Bypass in Chat.send Route

Publication date: 2026-05-29

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scope requirements, enabling unauthorized plugin, config, MCP, allowlist, and ACP mutations.
Meta Information
Published: 2026-05-29
Last Modified: 2026-06-01
Generated: 2026-06-19
AI Q&A: 2026-05-29
EPSS Evaluated: 2026-06-18
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.5.18 (excluding)
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.5.18 and involves a scope bypass in the Gateway chat.send route.

Clients with the operator.write scope can exploit inherited external routes to execute commands that normally require higher privileges, such as operator.approvals or operator.admin.

This allows attackers to perform unauthorized actions including modifying plugins, configurations, MCP settings, allowlists, and ACP settings.

The root cause is incorrect authorization (CWE-863) and missing authorization (CWE-862) in the handling of scoped commands delivered through inherited routes.

Impact Analysis

This vulnerability can have a significant impact by allowing attackers with limited privileges (operator.write) to escalate their permissions and execute high-privilege commands.

  • Unauthorized modification of plugins, which could introduce malicious functionality.
  • Unauthorized changes to configuration settings, potentially destabilizing or compromising the system.
  • Manipulation of MCP, allowlist, and ACP settings, which can affect access control and security policies.

Overall, this can lead to a compromise of confidentiality, integrity, and availability of the affected system.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade OpenClaw to version 2026.5.18 or later, which contains the patch for this scope bypass issue.

Additionally, avoid granting operator.write tokens to clients that can deliver commands into sessions with inherited external routes unless those clients are fully trusted with admin-like command effects.

Compliance Impact

The vulnerability allows attackers with operator.write scope to bypass authorization checks and execute privileged commands, potentially leading to unauthorized modifications of plugins, configurations, and access control policies.

Such unauthorized access and modifications could compromise the confidentiality, integrity, and availability of systems and data, which are critical aspects of compliance with standards like GDPR and HIPAA.

Therefore, if exploited, this vulnerability could lead to violations of regulatory requirements related to data protection and access control.
