CVE-2026-45006
Improper Access Control in OpenClaw Gateway Tool Config Operations
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.4.23 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-184 | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to make persistent malicious configuration changes that affect command execution, network behavior, credentials, and operator policies. Such unauthorized modifications can lead to breaches of confidentiality, integrity, and availability of sensitive data and system controls.
Because these impacts include unauthorized access and potential compromise of credentials and network behavior, the vulnerability could negatively affect compliance with standards and regulations like GDPR and HIPAA, which require strict controls over data protection, access management, and system integrity.
However, the provided information does not explicitly mention compliance with any specific standards or regulations.
Can you explain this vulnerability to me?
CVE-2026-45006 is an improper access control vulnerability in OpenClaw versions before 2026.4.23. It affects the gateway tool's config.apply and config.patch operations, where a flawed denylist meant to protect sensitive configuration paths can be bypassed by attackers with compromised models.
This allows attackers to write unsafe configuration changes that persist even after system restarts. These changes can affect critical areas such as command execution, network and proxy behavior, credentials forwarding, telemetry, hook endpoints, memory and indexing surfaces, and operator policy controls.
The root cause is a missing or incomplete authorization mechanism (CWE-862), where the denylist protection was insufficient due to the config schema outgrowing it.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized command execution, manipulation of network and proxy settings, exposure or misuse of credentials, and alteration of operator policies.
Because the malicious configuration changes persist after restarts, attackers can maintain long-term control or influence over the affected system.
The vulnerability affects confidentiality, integrity, and availability of the system, potentially leading to data breaches, service disruptions, or unauthorized access.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update OpenClaw to version 2026.4.23 or later, which includes a fix that replaces the incomplete denylist with a fail-closed allowlist for the gateway config.apply and config.patch operations.
This update restricts configuration changes to only agent-tunable prompt/model settings and mention-gating paths, rejecting all other unsafe config mutations before they are applied.
Applying this patch will prevent attackers from exploiting the improper access control vulnerability that allows malicious config modifications to persist and affect command execution, network behavior, credentials, and operator policies.