CVE-2026-31998

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-31998

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31998.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-31998

Aliases

GHSA-gw85-xp4q-5gp9

Downstream

MINI-5vq9-m9fx-4vrw

Published

2026-03-19T02:16:05.347Z

Modified

2026-04-10T05:42:14.704820Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.

References

Affected packages

Git / github.com/openclaw/openclaw

Affected ranges

Type

GIT

Repo

https://github.com/openclaw/openclaw

Events

Introduced

a54dc7fe80fc02e2a02e6901668a468fcb0cf8b4

Fixed

51d76eb13a24c0ebd95abd95745693a3cf7f85af

Fixed

0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5

Fixed

7655c0cb3a47d0647cbbf5284e177f90b4b82ddb

Database specific

{
    "versions": [
        {
            "introduced": "2026.2.22"
        },
        {
            "fixed": "2026.2.24"
        }
    ]
}

Affected versions

v2026.*

v2026.2.22

v2026.2.23

v2026.2.23-beta.1

v2026.2.24-beta.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31998.json"