CVE-2026-44991
Authorization Bypass in OpenClaw via Wildcard Sender Configuration
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.4.21 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenClaw before version 2026.4.21 is an authorization bypass issue in the command-auth.ts file. It allows non-owner users to execute commands that are supposed to be restricted to owners only, such as /send, /config, or /debug.
The problem occurs when wildcard inbound senders are configured (allowFrom: ["*"]) without explicit owner allowFrom settings. In this case, the system incorrectly authorizes non-owner senders to run owner-enforced slash commands by reusing the wildcard channel sender permission for command ownership checks.
The vulnerability was fixed by requiring explicit owner identity verification for owner-enforced commands, ensuring only the actual owner or an internal operator-admin can execute these commands.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me?
This vulnerability can allow unauthorized users to bypass owner-only command restrictions and execute sensitive slash commands such as /send, /config, or /debug on affected channels.
While it does not grant additional privileges like tool access or administrative scope, it can lead to unauthorized command execution that may disrupt operations or expose sensitive configurations.
Attackers exploiting this flaw could manipulate channel settings or send commands that should be restricted, potentially causing operational issues or unauthorized changes.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your OpenClaw installation is configured with wildcard inbound senders (allowFrom: ["*"]) without explicit ownerAllowFrom settings while having owner-enforced commands enabled.
You can attempt to detect exploitation by monitoring or testing if non-owner users are able to execute owner-only slash commands such as /send, /config, or /debug on affected channels.
Specifically, you might try sending these commands from a non-owner account to see if they are improperly authorized.
There are no explicit detection commands provided in the resources, but testing command execution permissions for non-owner users on owner-enforced commands is a practical approach.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading OpenClaw to version 2026.4.21 or later, where the vulnerability has been patched.
If upgrading immediately is not possible, configure explicit owner permissions by setting the commands.ownerAllowFrom property to specify concrete owner identities instead of relying on wildcard inbound sender settings.
Ensure that the channel plugin does not use allowFrom: ["*"] without explicit ownerAllowFrom settings when commands.enforceOwnerForCommands is enabled.
These steps prevent unauthorized users from bypassing owner-only command authorization checks.
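The following TypeScript is an added illustration of the authorization decision this record describes (the fallback from an unset ownerAllowFrom to the channel's wildcard allowFrom, and the fixed rule that requires an explicit owner identity or an internal operator-admin), together with a configuration audit matching the detection and mitigation advice above. It is not OpenClaw's command-auth.ts: the type names, the function names, the isInternalOperatorAdmin flag and the sample identities are assumptions constructed for this example; only the configuration keys (allowFrom, commands.ownerAllowFrom, commands.enforceOwnerForCommands) and the command names come from the record.

```typescript
// Added example: simplified model of the CVE-2026-44991 authorization flaw and its fix.
// NOT OpenClaw's code; types, function names and the operator-admin flag are assumptions.

type SenderId = string;

interface ChannelConfig {
  // Inbound sender allow-list for the channel; "*" admits any sender.
  allowFrom: SenderId[];
}

interface CommandsConfig {
  enforceOwnerForCommands: boolean;
  // Explicit owner identities; undefined means "not configured".
  ownerAllowFrom?: SenderId[];
}

interface Config {
  channel: ChannelConfig;
  commands: CommandsConfig;
}

interface Sender {
  id: SenderId;
  // Assumed marker for an internal operator-admin caller (not an inbound channel sender).
  isInternalOperatorAdmin?: boolean;
}

// Slash commands the record names as owner-enforced.
const OWNER_ENFORCED_COMMANDS: readonly string[] = ["/send", "/config", "/debug"];

function isOwnerEnforced(command: string): boolean {
  return OWNER_ENFORCED_COMMANDS.indexOf(command) !== -1;
}

function matchesAllowList(list: SenderId[], id: SenderId): boolean {
  return list.indexOf("*") !== -1 || list.indexOf(id) !== -1;
}

// Vulnerable logic (pre-2026.4.21 behaviour as the record describes it): when
// ownerAllowFrom is absent the owner check falls back to the channel's inbound
// allowFrom list, so allowFrom: ["*"] makes every sender count as the owner.
function isAuthorizedVulnerable(cfg: Config, sender: Sender, command: string): boolean {
  if (!cfg.commands.enforceOwnerForCommands || !isOwnerEnforced(command)) {
    return matchesAllowList(cfg.channel.allowFrom, sender.id);
  }
  const ownerList = cfg.commands.ownerAllowFrom ?? cfg.channel.allowFrom; // <-- the flaw
  return matchesAllowList(ownerList, sender.id);
}

// Fixed logic: owner-enforced commands need an explicit owner identity match
// (wildcards are not honoured for ownership) or an internal operator-admin caller.
function isAuthorizedFixed(cfg: Config, sender: Sender, command: string): boolean {
  if (!cfg.commands.enforceOwnerForCommands || !isOwnerEnforced(command)) {
    return matchesAllowList(cfg.channel.allowFrom, sender.id);
  }
  if (sender.isInternalOperatorAdmin === true) {
    return true;
  }
  const owners = (cfg.commands.ownerAllowFrom ?? []).filter((id) => id !== "*");
  return owners.indexOf(sender.id) !== -1;
}

// Configuration audit: flags the exposed combination the detection advice describes.
function auditConfig(cfg: Config): string[] {
  const findings: string[] = [];
  const wildcardInbound = cfg.channel.allowFrom.indexOf("*") !== -1;
  const ownerList = cfg.commands.ownerAllowFrom ?? [];
  const explicitOwners = ownerList.filter((id) => id !== "*");
  if (cfg.commands.enforceOwnerForCommands && wildcardInbound && explicitOwners.length === 0) {
    findings.push("wildcard allowFrom without explicit commands.ownerAllowFrom: owner-only commands exposed (CVE-2026-44991)");
  }
  if (ownerList.indexOf("*") !== -1) {
    findings.push("commands.ownerAllowFrom contains \"*\": owner identity is not explicit");
  }
  return findings;
}

// Constructed sample configurations: the weak setting beside the corrected one.
const weakConfig: Config = {
  channel: { allowFrom: ["*"] },
  commands: { enforceOwnerForCommands: true },
};

const hardenedConfig: Config = {
  channel: { allowFrom: ["*"] },
  commands: { enforceOwnerForCommands: true, ownerAllowFrom: ["owner@example.invalid"] },
};

// Constructed sample identities.
const stranger: Sender = { id: "someone@example.invalid" };
const owner: Sender = { id: "owner@example.invalid" };

console.log("weak config, stranger, /config (vulnerable):", isAuthorizedVulnerable(weakConfig, stranger, "/config"));
console.log("weak config, stranger, /config (fixed):", isAuthorizedFixed(weakConfig, stranger, "/config"));
console.log("hardened config, owner, /config (fixed):", isAuthorizedFixed(hardenedConfig, owner, "/config"));
console.log("audit weak:", auditConfig(weakConfig));
console.log("audit hardened:", auditConfig(hardenedConfig));
```

The audit function is the part worth keeping for a quick configuration check: it reports the exact combination the record calls out (enforceOwnerForCommands on, wildcard inbound allowFrom, no concrete ownerAllowFrom identity) and separately flags a wildcard inside ownerAllowFrom, which the fixed rule above would not honour as an owner.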