CVE-2026-45006
OpenClaw · OpenClaw
A vulnerability in OpenClaw allows for unsafe configuration mutation via a gateway tool denylist bypass, enabling unauthorized system changes.
Executive summary
An unsafe configuration mutation flaw in OpenClaw allows authenticated attackers to bypass security filters and compromise system settings.
Vulnerability
This is an Incomplete List of Disallowed Inputs (CWE-184) vulnerability. It allows an authenticated user to bypass input validation filters, leading to unauthorized configuration mutations via the gateway tool.
Business impact
By bypassing denylist filters, an attacker can modify system configurations that should be restricted, leading to significant security degradation. A CVSS score of 8.8 indicates a high-severity risk, where successful exploitation could lead to full loss of control over the application's operational parameters.
Remediation
Immediate Action: Update the OpenClaw package to version 2026.4.23 to resolve the input validation bypass.
Proactive Monitoring: Audit system configuration changes and logs for any modifications made via the gateway tool that deviate from established operational baselines.
Compensating Controls: Restrict access to the affected gateway tool to only authorized personnel and implement strict egress filtering to prevent unauthorized configuration pushes.
Exploitation status
Public Exploit Available: No confirmed public exploit (Metasploit/ExploitDB).
Analyst recommendation
This vulnerability represents a significant risk to system stability and security. It is recommended that all users of OpenClaw update their instances to the 2026.4.23 release immediately to ensure input validation mechanisms are correctly enforced.