Authorization Bypass in OpenClaw WebSocket Connections
CVE-2026-22172

9.4 CRITICAL

Key Information:

Vendor: OpenClaw
Status: Vendor
CVE Published: 20 March 2026

What is CVE-2026-22172?

OpenClaw versions prior to 2026.3.12 contain an authorization bypass in the WebSocket connection process. A client that authenticates with a shared token or a password can declare elevated scopes in its connection request, and the server accepts those declared scopes without validating them against what that credential is actually entitled to. As a result, an unauthorized user can obtain scopes reserved for administrators, such as 'operator.admin', and with them reach sensitive operations. This logic flaw poses a significant security risk, since a malicious actor holding such a scope can manipulate system operations and access sensitive data.
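To make the flaw concrete, here is an added example (not OpenClaw's code) contrasting a connection handler that trusts client-declared scopes with one that caps them by a server-side policy. The request shape, the auth method names, every scope name other than "operator.admin" and the policy table are assumptions made for illustration.

```typescript
// Added example, not OpenClaw code. The request shape, the auth method names,
// the scope names other than "operator.admin" and the policy table are all
// assumptions made for illustration.
type AuthMethod = "device-identity" | "shared-token" | "password";

interface ConnectRequest {
  auth: AuthMethod;   // how the client authenticated (assumed already verified)
  scopes: string[];   // scopes the client declares it wants
}

interface Session {
  auth: AuthMethod;
  scopes: Set<string>; // scopes the server actually grants
}

// Vulnerable pattern: the client's declared scopes become the session's scopes
// with no server-side check, so a shared-token client can claim operator.admin.
function connectVulnerable(req: ConnectRequest): Session {
  return { auth: req.auth, scopes: new Set(req.scopes) };
}

// Server-side policy (assumed): the maximum scope set each auth method may hold.
// Admin scope is reserved for identity-bound sessions; shared-token and
// password connections are capped at non-admin scopes.
const SCOPE_CEILING: Record<AuthMethod, ReadonlySet<string>> = {
  "device-identity": new Set(["operator.read", "operator.write", "operator.admin"]),
  "shared-token": new Set(["operator.read", "operator.write"]),
  password: new Set(["operator.read", "operator.write"]),
};

// Hardened pattern: granted = declared ∩ ceiling(auth). Scopes outside the
// ceiling are dropped, or, in strict mode, the connection is refused outright.
function connectHardened(req: ConnectRequest, strict = false): Session {
  const ceiling = SCOPE_CEILING[req.auth];
  const excess = req.scopes.filter((s) => !ceiling.has(s));
  if (strict && excess.length > 0) {
    throw new Error(`scope(s) not permitted for ${req.auth}: ${excess.join(", ")}`);
  }
  const granted = req.scopes.filter((s) => ceiling.has(s));
  return { auth: req.auth, scopes: new Set(granted) };
}

// Constructed request: a shared-token client declaring the admin scope.
const sharedTokenRequest: ConnectRequest = {
  auth: "shared-token",
  scopes: ["operator.read", "operator.admin"],
};
console.log(connectVulnerable(sharedTokenRequest).scopes.has("operator.admin")); // true
console.log(connectHardened(sharedTokenRequest).scopes.has("operator.admin"));   // false
```

In strict mode the server also logs the rejected connect, which gives defenders a detection signal for clients declaring scopes their credential does not permit.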


Affected Version(s)

OpenClaw 0 < 2026.3.12

OpenClaw 2026.3.12

CVSS V4

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Yekai Chen (@LUOYEcode)