CVE-2026-45006 · HIGH 8.8 · EPSS p38.2%

CVE-2026-45006

Description

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config modifications affecting command execution, network behavior, credentials, and operator policies that survive restart.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.49% probability of exploitation · percentile 38.2% · 2026-06-19T12:03:05Z
Published: 2026-05-11
Last modified: 2026-05-13

Underlying weaknesses · 1

CWE-184 (Incomplete List of Disallowed Inputs)

References

  1. https://github.com/openclaw/openclaw/commit/bceda6089aa7b3695cc7696b43c61ae3d01bb0ec
  2. https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr
  3. https://www.vulncheck.com/advisories/openclaw-unsafe-config-mutation-via-gateway-tool-denylist-bypass

Weakness mapping · 1

  Type      | Target                                        | Confidence | Tier
  Weakness  | Incomplete List of Disallowed Inputs (CWE-184) | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-35660
  2. CVE: CVE-2026-32914
  3. CVE: CVE-2026-28466
  4. CVE: CVE-2026-41404
  5. CVE: CVE-2026-32051
  6. CVE: CVE-2026-22172
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.