OpenClaw's Debug Mode Can Be Hacked with Special Keys
GHSA-62f6-mrcj-v8h5
Summary
OpenClaw's runtime `/debug set` path accepted prototype-reserved keys (`__proto__`, `constructor`, `prototype`) in override object values, a prototype-pollution weakness (CWE-1321) through which an already authorized caller could cause inherited values to pass restricted command checks. This issue only affects debug mode, which is disabled by default and requires prior authorization to access. To fix this issue, update to OpenClaw version 2026.2.21 or later.
What to do
- Update openclaw to version 2026.2.21.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.21 | 2026.2.21 |
Original title
OpenClaw's runtime /debug override path accepted prototype-reserved keys
Original description
### Summary
OpenClaw accepted prototype-reserved keys in runtime `/debug set` override object values (`__proto__`, `constructor`, `prototype`).
### Impact
`/debug` is disabled by default, and exploitation requires an already authorized `/debug set` caller. No unauthenticated vector was identified.
This issue affects runtime in-memory overrides only (non-persistent and cleared on restart/reset). Given the required prior authorization boundary, this is treated as defense-in-depth hardening for command flag evaluation.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published vulnerable version confirmed: `2026.2.19-2`
- Vulnerable range: `<= 2026.2.19-2`
- Patched in planned next release: `2026.2.21`
### Technical Details
- Runtime override merges now block reserved prototype keys during deep merge.
- Runtime override writes now sanitize nested object values to remove reserved prototype keys before storing overrides.
- Restricted command gates (`bash`, `config`, `debug`) now require own-property boolean flags, preventing inherited prototype values from enabling commands.
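The three measures above, shown together in a hypothetical Node.js `/debug set` handler. This is an added illustration, not OpenClaw's code and not taken from the fix commit; the function names (`sanitizeOverrideValue`, `mergeOverrides`, `applyDebugSet`, `isCommandEnabled`) and the sample override payload are assumptions constructed for the example. The `naiveIsCommandEnabled` gate is included only to show why an own-property check is needed: a flags object whose prototype carries `bash: true` satisfies `flags[command] === true` without ever having the flag set on itself.

```javascript
"use strict";

// Added example, not OpenClaw's code: a hypothetical /debug set handler that
// applies the three hardening measures the advisory lists. Every function
// name here is an assumption for illustration.

const RESERVED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function isPlainObject(value) {
  return value !== null && typeof value === "object" && !Array.isArray(value);
}

// Measure 2: strip reserved keys from nested override values before storing.
// Object.keys() enumerates own properties only, so JSON-parsed input carrying
// an own "__proto__" key is seen and dropped; the copy never gains such a key.
function sanitizeOverrideValue(value) {
  if (Array.isArray(value)) return value.map(sanitizeOverrideValue);
  if (!isPlainObject(value)) return value;
  const clean = {};
  for (const key of Object.keys(value)) {
    if (RESERVED_KEYS.has(key)) continue;
    clean[key] = sanitizeOverrideValue(value[key]);
  }
  return clean;
}

// Measure 1: deep merge that refuses reserved keys outright instead of
// walking into them (a merge that recursed into patch.__proto__ would write
// onto the prototype of the target object rather than onto the target).
function mergeOverrides(base, patch) {
  const result = { ...base };
  for (const key of Object.keys(patch)) {
    if (RESERVED_KEYS.has(key)) {
      throw new Error(`reserved key rejected in override: ${key}`);
    }
    const incoming = patch[key];
    const existing = hasOwn(result, key) ? result[key] : undefined;
    if (isPlainObject(existing) && isPlainObject(incoming)) {
      result[key] = mergeOverrides(existing, incoming);
    } else if (isPlainObject(incoming)) {
      result[key] = mergeOverrides({}, incoming); // still validates nested keys
    } else {
      result[key] = incoming;
    }
  }
  return result;
}

// Runtime in-memory override path: parse, sanitize, merge, return the new
// override state (the advisory notes these overrides are non-persistent).
function applyDebugSet(currentOverrides, rawJson) {
  const parsed = JSON.parse(rawJson);
  if (!isPlainObject(parsed)) throw new Error("override must be an object");
  return mergeOverrides(currentOverrides, sanitizeOverrideValue(parsed));
}

// Measure 3: a restricted command is enabled only by an own boolean true.
// A true inherited from the object's prototype chain does not count.
function isCommandEnabled(flags, command) {
  return hasOwn(flags, command) && flags[command] === true;
}

// The check the own-property gate replaces, kept for comparison: an inherited
// true passes it.
function naiveIsCommandEnabled(flags, command) {
  return flags[command] === true;
}

if (typeof require !== "undefined" && require.main === module) {
  // Constructed sample input: an override that tries to smuggle a reserved key.
  const raw = '{"commands":{"__proto__":{"bash":true},"debug":true}}';
  const state = applyDebugSet({ commands: { config: false } }, raw);
  console.log(JSON.stringify(state)); // {"commands":{"config":false,"debug":true}}

  // A flags object whose prototype (not the object itself) says bash: true.
  const inherited = Object.create({ bash: true });
  console.log(naiveIsCommandEnabled(inherited, "bash")); // true
  console.log(isCommandEnabled(inherited, "bash"));      // false
}
```

Run it with `node debug-overrides.js`; the sample payload loses its `__proto__` entry before it is stored, a merge fed a reserved key directly throws, and only the own-property gate refuses the inherited flag.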
### Fix Commit(s)
- `fbb79d4013000552d6a2c23b9613d8b3cb92f6b6`
### Release Process Note
`patched_versions` is pre-set to `2026.2.21` so after the npm release is live, this advisory can be published immediately.
OpenClaw thanks @tdjackey for reporting.
CVSS 4.0 score (GHSA): 2.0
Vulnerability type: CWE-1321 (Prototype Pollution)
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026