GHSA-xw77-45gv-p728
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xw77-45gv-p728
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-xw77-45gv-p728/GHSA-xw77-45gv-p728.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xw77-45gv-p728
- Aliases
-
- CVE-2026-32916
- Downstream
- Published
- 2026-03-13T15:47:23Z
- Modified
- 2026-04-06T23:07:05.451634Z
- Severity
-
- 9.4 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVSS Calculator
- Summary
- OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes
- Details
-
Summary
In affected versions of
openclaw, the plugin subagent runtime dispatched gateway methods through a synthetic operator client that always carried broad administrative scopes. Plugin-owned HTTP routes usingauth: "plugin"could therefore trigger admin-only gateway actions without normal gateway authorization.Impact
This is a critical authorization bypass. An external unauthenticated request to a plugin-owned route could reach privileged subagent runtime methods and perform admin-only gateway actions such as deleting sessions, reading session data, or triggering agent execution.
Affected Packages and Versions
- Package:
openclaw(npm) - Affected versions:
>= 2026.3.7, < 2026.3.11 - Fixed in:
2026.3.11
Technical Details
The new plugin subagent runtime preserved neither the original caller's auth context nor least-privilege scope. Instead, it executed gateway dispatches through a fabricated operator client with administrative scopes, which was reachable from plugin-owned routes that intentionally bypass normal gateway auth so plugins can perform their own webhook verification.
Fix
OpenClaw now preserves real authorization boundaries for plugin subagent calls instead of dispatching them through synthetic admin scopes. The fix shipped in
openclaw@2026.3.11.Workarounds
Upgrade to
2026.3.11or later. - Package:
- Database specific
{ "nvd_published_at": null, "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-269", "CWE-285" ], "github_reviewed_at": "2026-03-13T15:47:23Z" }- References
-
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728
- https://nvd.nist.gov/vuln/detail/CVE-2026-32916
- https://github.com/openclaw/openclaw
- https://github.com/openclaw/openclaw/releases/tag/v2026.3.11
- https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-plugin-subagent-routes-via-synthetic-admin-scopes
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw