CVE-2026-31998 · HIGH 8.6 · EPSS p23.6%

CVE-2026-31998

Description

OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin: when dmPolicy is set to allowlist but allowedUserIds is empty, the check fails open instead of denying everyone. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
EPSS: 0.32% probability of exploitation · percentile 23.6% · 2026-06-19T12:03:05Z
Published: 2026-03-19
Last modified: 2026-03-25

Underlying weaknesses (1)

CWE-863

References

  1. https://github.com/openclaw/openclaw/commit/0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5
  2. https://github.com/openclaw/openclaw/commit/7655c0cb3a47d0647cbbf5284e177f90b4b82ddb
  3. https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9
  4. https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-synology-chat-plugin-via-empty-alloweduserids


Type      | Target                          | Confidence | Tier
Weakness  | Incorrect Authorization (cwe-863) | 0%         | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-28392
  2. CVE: CVE-2026-32916
  3. CVE: CVE-2026-32067
  4. CVE: CVE-2026-28448
  5. CVE: CVE-2026-32975
  6. CVE: CVE-2026-32914

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.