Authorization Bypass in OpenClaw WebSocket Connections
CVE-2026-22172
CVSS 9.4 CRITICAL
What is CVE-2026-22172?
OpenClaw versions prior to 2026.3.12 are susceptible to an authorization bypass vulnerability within the WebSocket connection process. This flaw allows attackers to exploit shared-token or password-authenticated connections, enabling them to declare elevated scopes without the necessary server-side validation. As a result, unauthorized users can gain access to sensitive operations that are typically reserved for admin users, such as the 'operator.admin' scope. This logic flaw poses significant security risks, potentially allowing malicious actors to manipulate system operations and access sensitive data.
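The logic flaw class described above, as an added illustration that is not OpenClaw's code (the credential table, the function names and every scope name other than 'operator.admin' are assumptions): a WebSocket connect handler that copies client-declared scopes into the session, beside a hardened handler that checks each requested scope against the scopes the credential was issued with and records rejected escalations for detection.

```typescript
// Hypothetical gateway "connect" handshake: the client presents a credential
// plus the scopes it declares it wants; the server decides what the session gets.
type AuthMode = "shared-token" | "password";

interface ConnectRequest {
  auth: { mode: AuthMode; secret: string };
  requestedScopes: string[]; // declared by the client, so untrusted
}

// Constructed credential store (assumption): each credential carries the scopes
// it was issued with. Neither credential here was issued operator.admin.
const CREDENTIALS: Record<string, { mode: AuthMode; scopes: string[] }> = {
  "shared-token-example": { mode: "shared-token", scopes: ["operator.read", "operator.write"] },
  "password-example": { mode: "password", scopes: ["operator.read"] },
};

// Audit trail of rejected escalation attempts, the signal a detection rule would key on.
const auditLog: string[] = [];

function lookup(req: ConnectRequest) {
  const cred = CREDENTIALS[req.auth.secret];
  return cred && cred.mode === req.auth.mode ? cred : undefined;
}

// Vulnerable pattern: after authentication succeeds, the server trusts the
// client's scope list, so any authenticated client can self-grant operator.admin.
function connectVulnerable(req: ConnectRequest): string[] | null {
  if (!lookup(req)) return null; // authentication only, no authorization check
  return req.requestedScopes;
}

// Hardened pattern: a scope is granted only if the credential was issued with it.
// Any request for a scope outside that set is refused and logged, not silently trimmed.
function connectHardened(req: ConnectRequest): string[] | null {
  const cred = lookup(req);
  if (!cred) return null;
  const issued = new Set(cred.scopes);
  const escalations = req.requestedScopes.filter((s) => !issued.has(s));
  if (escalations.length > 0) {
    auditLog.push(`rejected ${req.auth.mode} connect requesting ${escalations.join(",")}`);
    return null;
  }
  // An empty request means "whatever my credential allows".
  return req.requestedScopes.length > 0 ? req.requestedScopes : cred.scopes;
}
```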
Affected Version(s)
OpenClaw >= 0, < 2026.3.12
OpenClaw 2026.3.12
