5.3
OpenClaw allows unauthorized access in some chat settings
GHSA-f6h3-846h-2r8w
Summary
OpenClaw's elevated mode had a security issue that allowed unauthorized access in certain chat settings. This has been fixed in version 2026.2.22. Update to the latest version to ensure secure elevated sender approval.
What to do
- Update openclaw to version 2026.2.22.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.22 | 2026.2.22 |
Original title
OpenClaw's elevated allowFrom accepted broader identity signals than specified within sender-scoped authorization
Original description
### Summary
In certain elevated-mode configurations, `tools.elevated.allowFrom` accepted broader identity signals than intended. The fix tightens matching to sender-scoped identity by default and makes mutable metadata matching explicit.
### Context
OpenClaw is commonly used in 1:1 chats or trusted group chats. In that intended model, this issue is best treated as authorization hardening / defense-in-depth for elevated sender approval.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version at triage: `2026.2.21-2`
- Affected versions: `<= 2026.2.21-2`
- Planned patched version (pre-set for publish-ready advisory): `2026.2.22`
### Details
Elevated sender authorization now matches sender-scoped identity values only by default (`SenderId`, `From`, `SenderE164`) and no longer considers recipient routing fields such as `ctx.To`.
Mutable sender metadata (`SenderName`, `SenderUsername`, `SenderTag`) now requires explicit allowlist prefixes (`name:`, `username:`, `tag:`). Explicit identity prefixes are also supported (`id:`, `from:`, `e164:`).
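The two paragraphs above describe a matching rule but not how it looks in code. The following is an added example written for this page, not OpenClaw's own source: a small allowlist matcher that implements the rule as the advisory states it (bare entries match sender-scoped identity only, `ctx.To` is never consulted, mutable metadata needs an explicit prefix). The `ctx` field names follow the advisory's text, but the shape of OpenClaw's real context object, the case and whitespace handling, and the `looseMatchForComparison` function (a modelled approximation of the broader pre-fix matching, included only to show the difference) are assumptions.

```javascript
// Added example: sender-scoped allowlist matching as described in the advisory.
// Illustrative code, not OpenClaw's implementation. The ctx shape is assumed.

// Explicit identity prefixes and the ctx fields they select.
const IDENTITY_FIELDS = { id: "SenderId", from: "From", e164: "SenderE164" };
// Mutable metadata: only matchable with an explicit prefix.
const METADATA_FIELDS = { name: "SenderName", username: "SenderUsername", tag: "SenderTag" };

function normalize(value) {
  // Trim only; exact, case-sensitive comparison (an assumption, kept strict on purpose).
  return typeof value === "string" ? value.trim() : "";
}

// Split an allowlist entry into { field, value }. A recognised prefix selects one
// ctx field; anything else (including values that merely contain ":") is a bare entry.
function parseEntry(entry) {
  const idx = entry.indexOf(":");
  if (idx > 0) {
    const prefix = entry.slice(0, idx).toLowerCase();
    const rest = entry.slice(idx + 1);
    if (prefix in IDENTITY_FIELDS) return { field: IDENTITY_FIELDS[prefix], value: normalize(rest) };
    if (prefix in METADATA_FIELDS) return { field: METADATA_FIELDS[prefix], value: normalize(rest) };
  }
  return { field: null, value: normalize(entry) };
}

// Hardened rule: bare entries match SenderId / From / SenderE164 only;
// recipient routing (To) and mutable metadata never match without a prefix.
function isElevatedSenderAllowed(ctx, allowFrom) {
  for (const raw of allowFrom) {
    const { field, value } = parseEntry(raw);
    if (!value) continue; // ignore empty or prefix-only entries
    if (field) {
      if (normalize(ctx[field]) === value) return true;
      continue;
    }
    for (const f of Object.values(IDENTITY_FIELDS)) {
      if (normalize(ctx[f]) === value) return true;
    }
  }
  return false;
}

// Modelled approximation of the broader pre-fix behaviour the advisory describes
// (any identity signal, including To and display metadata). Assumption, for contrast only.
function looseMatchForComparison(ctx, allowFrom) {
  const fields = [...Object.values(IDENTITY_FIELDS), ...Object.values(METADATA_FIELDS), "To"];
  return allowFrom.some((entry) => fields.some((f) => normalize(ctx[f]) === normalize(entry)));
}

// Constructed sample: a group-chat message whose recipient address (To) and whose
// sender display name both happen to appear on an operator's allowlist.
const SAMPLE_CTX = {
  SenderId: "user-4711",
  From: "+15550002222",
  SenderE164: "+15550002222",
  SenderName: "Alice Operator",
  SenderUsername: "alice_ops",
  SenderTag: "ops",
  To: "+15550001111",
};

// Summarise how the same allowlist entries fare under both rules.
function compareRules(ctx, entries) {
  return entries.map((e) => ({
    entry: e,
    hardened: isElevatedSenderAllowed(ctx, [e]),
    loose: looseMatchForComparison(ctx, [e]),
  }));
}

console.table(compareRules(SAMPLE_CTX, ["+15550001111", "Alice Operator", "name:Alice Operator", "user-4711", "ops", "tag:ops"]));
```

Under the hardened rule the recipient address `+15550001111` and the bare display name `Alice Operator` are rejected, while `name:Alice Operator`, `tag:ops` and the bare sender id `user-4711` are accepted; the comparison function accepts all of them, which is the gap the advisory closes.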
### Fix Commit(s)
- `6817c0ec7b4fa830123d4f5c340f075a4bd04ee2`
### Release Process Note
The advisory `patched_versions` is pre-set to the planned next release (`2026.2.22`). Once npm `openclaw@2026.2.22` is published, this advisory can be published without additional content edits.
OpenClaw thanks @jiseoung for reporting.
CVSS 4.0 score (source: GHSA): 5.3
Vulnerability type: CWE-639 (Authorization Bypass Through User-Controlled Key)
Published: 4 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026