OpenClaw allows unauthorized access to owner-only tools
GHSA-jr6x-2q95-fh2g
Summary
Authenticated callers holding only `operator.write` scope could reach owner-only tool surfaces (`gateway`, `cron`) through `agent` runs in scoped-token deployments, giving them control-plane actions beyond their intended write scope. This was fixed in version 2026.3.1. If you're running version 2026.2.26 or earlier, update to 2026.3.1 or later.
What to do
- Update openclaw to version 2026.3.1 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.26 | 2026.3.1 |
Original title
OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools
Original description
### Summary
An authorization mismatch allowed authenticated callers with `operator.write` access to invoke owner-only tool surfaces (`gateway`, `cron`) through `agent` runs in scoped-token deployments.
### Impact
On affected deployments, write-scoped callers could perform control-plane actions beyond intended write scope.
### Fix
Owner-only gating is now enforced consistently for owner-only tool surfaces during agent execution, and tool scope classification was tightened to remove the privilege mismatch.
### Affected and Patched Versions
- Affected: `<= 2026.2.26`
- Patched: `2026.3.1`
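To make the mismatch concrete, here is an added toy model in TypeScript (OpenClaw is a TypeScript project, but this is not its code; the `owner` and `operator.read` scope labels, the tool names `read_file` and `write_file`, the sample token and calls, and every function name are assumptions made for this illustration). It shows a write-scoped token reaching `gateway` and `cron` when control-plane tools are classified as ordinary write tools and only the run-level scope is checked, and the same calls being denied once those surfaces are classified owner-only and gated per tool call during execution.

```typescript
// Added toy model of the advisory's scope mismatch. Not OpenClaw's code: the
// scope names other than operator.write, the tool list and all function names
// are assumptions made for this illustration.

type Scope = "operator.read" | "operator.write" | "owner";
type ToolClass = "read" | "write" | "owner";

interface Token { subject: string; scopes: Set<Scope>; }
interface ToolCall { tool: string; args: Record<string, unknown>; }
interface RunResult { executed: string[]; denied: string[]; }

// Owner-only control-plane surfaces named in the advisory.
const OWNER_ONLY_TOOLS = new Set(["gateway", "cron"]);

// Hypothetical pre-fix classifier: control-plane tools fall into the ordinary
// "write" class, so a write-scoped token satisfies the check for them.
function classifyToolVulnerable(tool: string): ToolClass {
  if (tool === "read_file") return "read";
  return "write"; // gateway and cron land here: the mismatch
}

// Post-fix classifier: owner-only surfaces get their own class.
function classifyToolFixed(tool: string): ToolClass {
  if (OWNER_ONLY_TOOLS.has(tool)) return "owner";
  if (tool === "read_file") return "read";
  return "write";
}

// Does this token satisfy the given tool class? Owner scope satisfies all.
function hasClass(token: Token, cls: ToolClass): boolean {
  if (token.scopes.has("owner")) return true;
  if (cls === "owner") return false;
  if (cls === "write") return token.scopes.has("operator.write");
  return token.scopes.has("operator.read") || token.scopes.has("operator.write");
}

// Starting an agent run is itself a write-scope action in this model.
function requireRunScope(token: Token): void {
  if (!hasClass(token, "write")) throw new Error("agent run requires operator.write");
}

// Vulnerable flow: one run-level check, then each tool call is judged only by
// the mis-classified class, so gateway/cron execute under operator.write.
function runAgentVulnerable(token: Token, calls: ToolCall[]): RunResult {
  requireRunScope(token);
  const result: RunResult = { executed: [], denied: [] };
  for (const c of calls) {
    (hasClass(token, classifyToolVulnerable(c.tool)) ? result.executed : result.denied).push(c.tool);
  }
  return result;
}

// Fixed flow: same run-level check, plus per-call gating at execution time with
// the tightened classification. The owner gate consults OWNER_ONLY_TOOLS
// directly, so a later classifier regression cannot silently reopen the hole.
function runAgentFixed(token: Token, calls: ToolCall[]): RunResult {
  requireRunScope(token);
  const result: RunResult = { executed: [], denied: [] };
  for (const c of calls) {
    const cls = classifyToolFixed(c.tool);
    const ownerGatePassed = !OWNER_ONLY_TOOLS.has(c.tool) || token.scopes.has("owner");
    (ownerGatePassed && hasClass(token, cls) ? result.executed : result.denied).push(c.tool);
  }
  return result;
}

// Constructed sample: a write-scoped service token and the calls an agent emits.
const writeScoped: Token = { subject: "ci-bot", scopes: new Set<Scope>(["operator.write"]) };
const agentCalls: ToolCall[] = [
  { tool: "write_file", args: { path: "notes.md" } },
  { tool: "gateway", args: { action: "restart" } },
  { tool: "cron", args: { action: "add", schedule: "* * * * *" } },
];
console.log("vulnerable:", runAgentVulnerable(writeScoped, agentCalls));
console.log("fixed:     ", runAgentFixed(writeScoped, agentCalls));
```

The point to carry over to your own deployments: a run-level scope check is not a substitute for per-tool authorization inside the run, and the per-tool check is only as good as the classification feeding it. Auditing which tool surfaces a write-scoped token can reach, rather than trusting the scope name, is the check that would have caught this.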
CVSS 4.0 (GHSA): 8.7
Vulnerability type
- CWE-269: Improper Privilege Management
- CWE-862: Missing Authorization
Published: 2 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026