GHSA-pjvx-rx66-r3fg

Source

https://github.com/advisories/GHSA-pjvx-rx66-r3fg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-pjvx-rx66-r3fg/GHSA-pjvx-rx66-r3fg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pjvx-rx66-r3fg

Downstream

MINI-q4h4-p4rf-74c8

Published

2026-03-09T19:54:08Z

Modified

2026-03-09T20:01:25.895783Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

OpenClaw: Cross-account sender authorization expansion in `/allowlist ... --store` account scoping

Details

Summary

/allowlist ... --store resolved the selected channel accountId for reads, but store writes still dropped that accountId and wrote into the legacy unscoped pairing allowlist store.

Because default-account reads still merge legacy unscoped entries, a store entry intended for one account could silently authorize the same sender on the default account.

This is a real cross-account sender-authorization scoping bug. Severity is set to medium because exploitation requires an already-authorized user who can run /allowlist edits.

Affected Packages / Versions

Package: openclaw (npm)
Latest published version checked: 2026.3.2
Affected versions: <= 2026.3.2
Fixed on main: March 7, 2026 in 70da80bcb5574a10925469048d2ebb2abf882e73
Patched release: 2026.3.7

Details

The affected path was: - src/auto-reply/reply/commands-allowlist.ts:386-393 resolved accountId and read store state with it - src/auto-reply/reply/commands-allowlist.ts:697-702 and src/auto-reply/reply/commands-allowlist.ts:730-733 wrote store state without passing accountId - src/pairing/pairing-store.ts:231-234 and src/pairing/pairing-store.ts:534-554 still merged legacy unscoped allowlist entries into the default account

The fix scopes /allowlist ... --store writes to the resolved account and clears legacy default-account store entries on removal so legacy reads no longer create cross-account authorization bleed-through.

Impact

Vulnerability class: improper authorization scoping / incorrect authorization
Exploitation requires: an already-authorized sender who can run /allowlist edits
Security effect: unintended authorization expansion from one channel account into default

Fix Commit(s)

70da80bcb5574a10925469048d2ebb2abf882e73 — scope /allowlist ... --store writes by account and clean up legacy default-account removals

Release Process Note

npm 2026.3.7 was published on March 8, 2026. This advisory is fixed in the released package.

Thanks @tdjackey for reporting.

Database specific

{
    "github_reviewed_at": "2026-03-09T19:54:08Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-639",
        "CWE-863"
    ],
    "nvd_published_at": null,
    "severity": "MODERATE"
}

References

Affected packages

npm / openclaw

Package

Name: openclaw; View open source insights on deps.dev
Purl: pkg:npm/openclaw

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2026.3.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-pjvx-rx66-r3fg/GHSA-pjvx-rx66-r3fg.json"

last_known_affected_version_range

"<= 2026.3.2"