Vulnerability Description
OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign wrapped system.run commands and subsequently execute different payloads without approval, enabling remote code execution on gateway and node-host execution flows.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.2.22 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/24c954d972400f508814532dea0e4dcb3841Patch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-6j27-pc5c-m8w8MitigationVendor Advisory
- https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-allow-alwThird Party Advisory
FAQ
What is CVE-2026-29607?
CVE-2026-29607 is a vulnerability with a CVSS score of 6.8 (MEDIUM). OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allow...
How severe is CVE-2026-29607?
CVE-2026-29607 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-29607?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.