CVE-2026-45001— OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45001
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. A prompt-injected model with access to the owner-only gateway tool can persist unauthorized changes to protected operator settings.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.4.20之前版本存在安全漏洞,该漏洞源于代理面向网关config.patch和config.apply端点中的防护绕过,未能保护操作员信任的设置,包括沙箱策略、插件启用、网关认证/TLS、钩子路由、MCP服务器配置、SSRF策略和文件系统加固。具有所有者网关工具访问权限的提示注入模型可持久化对受保护操作员设置的未授权更改。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45001
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45001
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-05-11 · 18 CVEs total
| CVE-2026-45223 | 8.8 HIGH | Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection |
| CVE-2026-45006 | 8.8 HIGH | OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass |
| CVE-2026-45004 | 7.8 HIGH | OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-api.js in Current Working Direct |
| CVE-2026-44995 | 7.3 HIGH | OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables |
| CVE-2026-45224 | 7.1 HIGH | Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution |
| CVE-2026-45005 | 6.0 MEDIUM | OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation |
| CVE-2026-44993 | 5.4 MEDIUM | OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions |
| CVE-2026-44998 | 5.4 MEDIUM | OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools |
| CVE-2026-44999 | 5.3 MEDIUM | OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events |
| CVE-2026-44994 | 5.3 MEDIUM | OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoi |
| CVE-2026-45002 | 5.3 MEDIUM | OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping |
| CVE-2026-45000 | 5.0 MEDIUM | OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation |
| CVE-2026-45003 | 5.0 MEDIUM | OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files |
| CVE-2026-44992 | 5.0 MEDIUM | OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override via Workspace dotenv |
| CVE-2026-44997 | 4.3 MEDIUM | OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions |
| CVE-2026-44991 | 4.2 MEDIUM | OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channe |
| CVE-2026-44996 | 3.7 LOW | OpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio Embedding |
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-45006
OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway To - CVE-2026-45005
OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invali - CVE-2026-45004
OpenClaw < 2026.4.23 - Arbitrary Code Execution via setup-ap - CVE-2026-45002
OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template - CVE-2026-45003
OpenClaw < 2026.4.22 - Connector Endpoint Host Override via
Same vendor: OpenClaw
- CVE-2026-8634
Crabbox < v0.12.0 Environment Variable Information Disclosur - CVE-2026-8629
Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endp - CVE-2026-8621
Crabbox < v0.12.0 Authentication Bypass via Header Spoofing - CVE-2026-45224
Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace R - CVE-2026-45223
Crabbox < 0.9.0 Authentication Bypass via Admin Claim Inject
Same weakness: CWE-862
- CVE-2026-2031
Google Cloud Application Integration: Exposed internal APIs - CVE-2026-7563
Classified Listing <= 5.3.10 - Missing Authorization to Auth - CVE-2026-4683
Smartcat Translator for WPML <= 3.1.77 - Missing Authorizati - CVE-2026-4094
FOX – Currency Switcher Professional for WooCommerce <= 1.4. - CVE-2026-6472
PostgreSQL CREATE TYPE does not check multirange schema CREA
V. Comments for CVE-2026-45001
No comments yet