CVSS 3.1 score: 10.0
OpenClaw: Shared Users Can Access Admin Features
GHSA-rqpp-rjj8-7wv8
Summary
A flaw in OpenClaw allows shared users to access administrator features without proper authorization. This could let unauthorized users perform high-level actions on the system. To fix this, update to OpenClaw version 2026.3.12 or later.
What to do
- Update openclaw to version 2026.3.12.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.11 | 2026.3.12 |
Original title
OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes
Original description
### Summary
A logic flaw in the OpenClaw gateway WebSocket connect path allowed certain device-less shared-token or password-authenticated backend connections to keep client-declared scopes without server-side binding. A shared-authenticated client could present elevated scopes such as `operator.admin` even though those scopes were not tied to a device identity or an explicitly trusted Control UI path.
### Impact
This crossed the intended authorization boundary and could let a shared-secret-authenticated backend client perform admin-only gateway operations.
### Affected versions
`openclaw` `<= 2026.3.11`
### Patch
Fixed in `openclaw` `2026.3.12`. The gateway now clears unbound scopes for non-Control-UI shared-auth connections, and regression tests cover the device-less shared-auth path.
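The authorization boundary the patch restores, modelled as an added TypeScript example that is not OpenClaw's own code: the vulnerable resolver keeps whatever scopes a client declares at connect time, while the fixed resolver keeps scopes only when they are bound server-side to a registered device identity or to the trusted Control UI path, and clears them otherwise. The context shape, the device registry and every scope name other than `operator.admin` are assumptions.

```typescript
// Illustrative model of the scope-binding decision described in the
// advisory. Not OpenClaw's code: the context shape, the device registry
// and the scope names (other than operator.admin) are assumptions.
type AuthMode = "device" | "shared-token" | "password";

interface ConnectContext {
  authMode: AuthMode;
  deviceId?: string;         // present only for device-bound connections
  trustedControlUi: boolean; // connection arrived via the trusted Control UI path
  declaredScopes: string[];  // scopes the client claims at connect time
}

// Constructed registry: scopes granted server-side to a paired device.
const DEVICE_SCOPES: Record<string, string[]> = {
  "dev-01": ["operator.read", "operator.admin"],
  "dev-02": ["operator.read"],
};

// Vulnerable logic: client-declared scopes are kept for any
// authenticated connection, so a device-less shared-token or
// password-authenticated client can self-declare operator.admin.
function resolveScopesVulnerable(ctx: ConnectContext): string[] {
  return [...ctx.declaredScopes];
}

// Hardened logic: scopes survive only when something on the server side
// binds them. Unbound scopes on a shared-auth connection are cleared.
function resolveScopesFixed(ctx: ConnectContext): string[] {
  if (ctx.authMode === "device" && ctx.deviceId !== undefined) {
    const granted = DEVICE_SCOPES[ctx.deviceId] ?? [];
    // A paired device may not claim more than the registry granted it.
    return ctx.declaredScopes.filter((s) => granted.includes(s));
  }
  if (ctx.trustedControlUi) {
    return [...ctx.declaredScopes]; // explicitly trusted Control UI path
  }
  return []; // device-less shared-token/password: nothing is bound
}

// The admin-only gateway operation gate, as the advisory describes it.
function canRunAdminOp(scopes: string[]): boolean {
  return scopes.includes("operator.admin");
}

// Constructed connection: shared token, no device, claims admin.
const SHARED_TOKEN_CLIENT: ConnectContext = {
  authMode: "shared-token",
  trustedControlUi: false,
  declaredScopes: ["operator.admin"],
};
```

Run the two resolvers over `SHARED_TOKEN_CLIENT` to see the difference: the vulnerable path admits the admin operation, the fixed path does not.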
CVSS 3.1 (GHSA): 10.0
Vulnerability type
- CWE-269: Improper Privilege Management
- CWE-862: Missing Authorization
- https://github.com/openclaw/openclaw/security/advisories/GHSA-rqpp-rjj8-7wv8
- https://github.com/openclaw/openclaw/pull/44306
- https://github.com/openclaw/openclaw/commit/5e389d5e7c9233ec91026ab2fea299ebaf32...
- https://github.com/openclaw/openclaw/releases/tag/v2026.3.12
- https://github.com/advisories/GHSA-rqpp-rjj8-7wv8
Published: 13 Mar 2026 · Updated: 14 Mar 2026 · First seen: 13 Mar 2026