CVE-2026-45001
OpenClaw Guard Bypass in Agent Gateway Endpoints
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | < 2026.4.20 (upper bound exclusive; 2026.4.20 is the fixed release) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-45001 is a missing-authorization flaw (CWE-862) in OpenClaw before 2026.4.20. The agent-facing gateway endpoints config.patch and config.apply enforce a mutation guard, but that guard did not stop agent-initiated changes to operator-trusted settings.
A model that holds the owner-only gateway tool could therefore persist changes to sandbox policy, plugin enablement, gateway authentication and TLS settings, hook routing, MCP server configuration, SSRF policy, and filesystem hardening: settings that are meant to be set by the operator, not by the agent the gateway serves.
The root cause is that the endpoints checked only whether the caller held the gateway tool, not which configuration keys an agent-initiated mutation is allowed to touch.
How can this vulnerability impact me?
The actor is a model that already holds the owner-only gateway tool; the flaw lets it write configuration changes that the gateway should reserve for the operator. Because the changes are persisted to configuration rather than applied only for the current session, they outlive the conversation in which they were made.
- Loosening the sandbox policy weakens the isolation around what the agent executes.
- Changing plugin enablement can switch on plugins the operator never approved.
- Altering gateway authentication or TLS settings can weaken or remove the protection on the gateway itself.
- Rerouting hooks or pointing the agent at different MCP servers changes which code and tools the agent runs and trusts.
- Relaxing the SSRF policy lets the agent reach internal or otherwise blocked network destinations, and weakening filesystem hardening widens what it can read or write on the host.
What immediate steps should I take to mitigate this vulnerability?
Update OpenClaw to version 2026.4.20 or later; that release contains the fix for the authorization bypass.
The fix tightens the gateway configuration mutation guard so that agent-initiated config.patch and config.apply calls can no longer modify operator-trusted settings (sandbox policy, plugin enablement, gateway authentication/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening).
Until the update is applied, treat the gateway tool as a privileged capability: grant it only to model sessions that genuinely need it, and review the persisted configuration for unexpected changes to the settings listed above.
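The guard described in the vulnerability explanation and in the fix above can be illustrated with a small example. This is an added example, not OpenClaw's own code: the dotted key paths under OPERATOR_TRUSTED_PREFIXES, the Actor shape, and the guardBefore/guardAfter functions are hypothetical stand-ins for the categories the advisory lists. The "before" guard only checks that the caller holds the gateway tool; the hardened guard also refuses any agent-initiated mutation touching an operator-trusted path. It covers both endpoints: for config.patch the paths come straight from the patch object, while for config.apply (which replaces the whole document) the guard must diff the proposed document against the current one, since a full apply can flip a protected key without mentioning it as a "change".

```typescript
// Added example (not OpenClaw's own code). Key paths, Actor, and the guard
// functions are hypothetical; the real config schema is not reproduced here.

type Json = null | boolean | number | string | Json[] | { [k: string]: Json };

interface Actor {
  kind: "operator" | "agent"; // operator = human/admin channel, agent = model holding the gateway tool
  hasGatewayTool: boolean;
}

// Hypothetical dotted-path prefixes for the operator-trusted settings the
// advisory lists. Anything at or below these paths may only change through
// the operator channel, never through an agent-initiated gateway call.
const OPERATOR_TRUSTED_PREFIXES: readonly string[] = [
  "sandbox",         // sandbox policy
  "plugins.enabled", // plugin enablement
  "gateway.auth",    // gateway authentication
  "gateway.tls",     // gateway TLS
  "hooks.routing",   // hook routing
  "mcp.servers",     // MCP server configuration
  "network.ssrf",    // SSRF policy
  "fs.hardening",    // filesystem hardening
];

function isObject(v: Json | undefined): v is { [k: string]: Json } {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Dotted paths of every leaf in a (partial) config object. Arrays, scalars,
// null and empty objects all count as leaves so that e.g. {sandbox: {}} or
// {sandbox: null} still yields the path "sandbox".
export function leafPaths(value: Json, prefix = ""): string[] {
  if (!isObject(value) || Object.keys(value).length === 0) return prefix ? [prefix] : [];
  return Object.keys(value).flatMap((k) => leafPaths(value[k], prefix ? `${prefix}.${k}` : k));
}

function getPath(value: Json, path: string): Json | undefined {
  let cur: Json | undefined = value;
  for (const seg of path.split(".")) {
    if (!isObject(cur)) return undefined;
    cur = cur[seg];
  }
  return cur;
}

// Paths whose value differs between the current and the proposed document.
// Needed for config.apply, which sends a whole document rather than a patch.
export function changedPaths(current: Json, proposed: Json): string[] {
  const all = new Set([...leafPaths(current), ...leafPaths(proposed)]);
  return [...all].filter(
    (p) => JSON.stringify(getPath(current, p)) !== JSON.stringify(getPath(proposed, p)),
  );
}

function isOperatorTrusted(path: string): boolean {
  return OPERATOR_TRUSTED_PREFIXES.some((p) => path === p || path.startsWith(p + "."));
}

// "Before" behaviour: the only check is possession of the gateway tool, so a
// model holding that tool can rewrite operator-trusted keys.
export function guardBefore(actor: Actor, paths: string[]): { ok: boolean; denied: string[] } {
  if (!actor.hasGatewayTool) return { ok: false, denied: paths };
  return { ok: true, denied: [] };
}

// Hardened guard: agent-initiated mutations touching an operator-trusted path
// are refused, and the caller is told exactly which paths were the problem.
export function guardAfter(actor: Actor, paths: string[]): { ok: boolean; denied: string[] } {
  if (!actor.hasGatewayTool) return { ok: false, denied: paths };
  if (actor.kind === "operator") return { ok: true, denied: [] };
  const denied = paths.filter(isOperatorTrusted);
  return { ok: denied.length === 0, denied };
}

// Constructed demo inputs (not taken from any real OpenClaw deployment).
export function demo() {
  const agent: Actor = { kind: "agent", hasGatewayTool: true };
  const current: Json = {
    sandbox: { mode: "strict" },
    network: { ssrf: { allowPrivate: false } },
    ui: { theme: "dark" },
  };
  // config.patch: an agent trying to switch off the sandbox and relax SSRF policy.
  const patch: Json = { sandbox: { mode: "off" }, network: { ssrf: { allowPrivate: true } }, ui: { theme: "light" } };
  const patchPaths = leafPaths(patch);
  // config.apply: a full document identical to the current one except for one protected key.
  const applied: Json = { sandbox: { mode: "strict" }, network: { ssrf: { allowPrivate: true } }, ui: { theme: "dark" } };
  const applyPaths = changedPaths(current, applied);
  return {
    patchBefore: guardBefore(agent, patchPaths), // allowed: the old guard only sees the tool
    patchAfter: guardAfter(agent, patchPaths),   // denied: sandbox.mode, network.ssrf.allowPrivate
    applyBefore: guardBefore(agent, applyPaths),
    applyAfter: guardAfter(agent, applyPaths),   // denied: network.ssrf.allowPrivate
  };
}
```

The denied-path list is what an operator would want logged: an agent repeatedly hitting the guard on sandbox or gateway.auth paths is itself a signal worth alerting on, independent of whether the mutation went through.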