OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Summary

Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Affected Packages / Versions

Package: openclaw
Affected versions: <= 2026.3.24
First patched version: 2026.3.25
Latest published npm version at verification time: 2026.3.24

Details

Backend-labeled reconnects could previously self-request broader scopes and bypass pairing, allowing non-admin operators to reconnect as operator.admin. Commit d3d8e316bd819d3c7e34253aeb7eccb2510f5f48 removes the backend self-pairing skip and requires pairing when requested scopes exceed the approved baseline.

Verified vulnerable on tag v2026.3.24 and fixed on main by commit d3d8e316bd819d3c7e34253aeb7eccb2510f5f48.

Fix Commit(s)

d3d8e316bd819d3c7e34253aeb7eccb2510f5f48

References

steipete published to openclaw/openclaw Mar 26, 2026

Published to the GitHub Advisory Database Mar 27, 2026

Reviewed Mar 27, 2026

Last updated Mar 27, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Summary

Affected Packages / Versions

Details

Fix Commit(s)

References

Severity

CVSS overall score

CVSS v4 base metrics

Exploitability Metrics

Vulnerable System Impact Metrics

Subsequent System Impact Metrics

CVSS v4 base metrics

Exploitability Metrics

Vulnerable System Impact Metrics

Subsequent System Impact Metrics

EPSS score

Weaknesses

Improper Privilege Management

Incorrect Authorization

CVE ID

GHSA ID

Source code

Credits

Uh oh!