This vulnerability affects OpenClaw deployments using scoped authentication tokens. An authorization mismatch allows authenticated callers with the operator.write scope to invoke privileged owner-only functions for control plane operations. Attackers can exploit this flaw to perform administrative actions beyond their intended permission level by bypassing inconsistent access checks during agent execution.
Remediation
Upgrade OpenClaw to version 2026.3.1 or later to fix the inconsistent access gating issue. Review all existing scoped token permissions to enforce the principle of least privilege for all authenticated users in your deployment.
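The mismatch described above, modeled in miniature as an added example (this is not OpenClaw code; only the scope name `operator.write` comes from the advisory, while the `owner` scope name, the token structure, the `rotate_keys` operation and the two entry paths are assumptions). The vulnerable shape gates the owner-only operation on one entry point but lets a second dispatch path with a coarser scope check reach the same implementation; the hardened shape binds the check to the privileged function itself so every path meets the same gate. A small audit helper supports the least-privilege review the remediation recommends.

```python
from dataclasses import dataclass
from functools import wraps
from typing import Callable

OWNER = "owner"                    # assumed name for the owner-only scope
OPERATOR_WRITE = "operator.write"  # scope named in the advisory


@dataclass(frozen=True)
class Token:
    """Authenticated caller: subject plus the scopes granted at issuance."""
    subject: str
    scopes: frozenset


class Forbidden(Exception):
    pass


def require_scope(token: Token, needed: str) -> None:
    """The single place an authorization decision is made."""
    if needed not in token.scopes:
        raise Forbidden(f"{token.subject} lacks required scope {needed!r}")


# ---- Privileged implementation shared by every entry point ----

def _rotate_signing_keys() -> str:
    return "keys rotated"


# ---- Vulnerable shape: the owner gate sits on only one entry point ----

def vulnerable_http_rotate_keys(token: Token) -> str:
    """HTTP control-plane handler: gates correctly on the owner scope."""
    require_scope(token, OWNER)
    return _rotate_signing_keys()


def vulnerable_agent_dispatch(token: Token, op: str) -> str:
    """Agent-execution path: checks only the coarse operator scope, then
    reaches the privileged implementation directly. Same operation, weaker
    gate: the inconsistent access check the advisory describes."""
    require_scope(token, OPERATOR_WRITE)
    ops = {"rotate_keys": _rotate_signing_keys}
    return ops[op]()


# ---- Hardened shape: the gate is attached to the operation itself ----

def owner_only(fn: Callable[..., str]) -> Callable[..., str]:
    """Decorator binding the owner check to the privileged function, so no
    caller can run its body without passing the same gate."""
    @wraps(fn)
    def wrapper(token: Token, *args, **kwargs) -> str:
        require_scope(token, OWNER)
        return fn(token, *args, **kwargs)
    return wrapper


@owner_only
def rotate_signing_keys(token: Token) -> str:
    return _rotate_signing_keys()


def http_rotate_keys(token: Token) -> str:
    return rotate_signing_keys(token)


def agent_dispatch(token: Token, op: str) -> str:
    """Same dispatch surface as before, but every operation it can reach
    carries its own gate, so the operator check here is no longer the only one."""
    require_scope(token, OPERATOR_WRITE)
    ops = {"rotate_keys": rotate_signing_keys}
    return ops[op](token)


# ---- Remediation aid: list tokens that hold a privileged scope ----

def over_privileged(tokens, privileged_scopes=frozenset({OWNER})) -> list:
    """Subjects whose token carries any privileged scope; the starting point
    for the least-privilege review of scoped tokens."""
    return sorted(t.subject for t in tokens if t.scopes & privileged_scopes)


if __name__ == "__main__":
    # Constructed sample tokens, not taken from any real deployment.
    operator = Token("ci-bot", frozenset({OPERATOR_WRITE}))
    owner = Token("alice", frozenset({OWNER, OPERATOR_WRITE}))
    print("vulnerable path:", vulnerable_agent_dispatch(operator, "rotate_keys"))
    try:
        agent_dispatch(operator, "rotate_keys")
    except Forbidden as exc:
        print("hardened path:", exc)
    print("owner via hardened path:", agent_dispatch(owner, "rotate_keys"))
    print("review list:", over_privileged([operator, owner]))
```

The point of the decorator is placement: an authorization check that lives in a request handler protects only that handler, while one bound to the privileged function is met by every caller, including internal dispatch paths added later.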