This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: OpenClaw suffers from a **Privilege Escalation** flaw. The system fails to downgrade permissions correctly when handling specific events.…
**Root Cause**: **CWE-184** (Incomplete List of Disallowed Inputs). The **Heartbeat Owner Downgrade Logic** is flawed. It skips the security check when processing **Webhook Wake Events** carrying untrusted content.
Q3. Who is affected? (Versions/Components)
**Affected**: **OpenClaw** product. **Versions**: All versions **before 2026.4.14**, specifically those prior to **2026.4.7**. **Fixed**: Version **2026.4.14** and later.
Q4. What can hackers do? (Privileges/Data)
**Attackers Can**: Escalate privileges from standard user to **Owner/Root**. **Impact**: Gain **High** Confidentiality & Integrity impact.…
**Threshold**: **LOW**. **Vector**: Network (AV:N). **Auth**: None required (PR:N). **UI**: None required (UI:N). **Complexity**: Low (AC:L). This is a **Remote, Unauthenticated** exploit!
Q6. Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **No**. The `pocs` field is empty. **Advisories**: GitHub (GHSA-g2hm-779g-vm32) and VulnCheck have published details, but no functional PoC code is publicly available yet.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: Scan for **OpenClaw** instances. **Verify Version**: Ensure you are running **2026.4.14** or newer.…
**Official Fix**: **YES**. **Patch**: Commit `31281bc92f55796817a92bc43f722cba1e77ab42`. **Action**: Upgrade OpenClaw to version **2026.4.14** immediately to close the privilege escalation gap.
Q9. What if no patch? (Workaround)
**No Patch?**: If you cannot upgrade, strictly **validate inputs** for Webhook Wake Events. **Mitigation**: Implement strict allow-lists for webhook sources.…
**Urgency**: **CRITICAL**. **Priority**: **P1**. With **CVSS 9.0+** (C:H/I:H, A:N) and **No Auth** required, this is a high-risk, easy-to-exploit vulnerability.…
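The CWE-184 pattern behind the root cause, and the allow-list mitigation above, shown on a hypothetical model of an owner-downgrade decision. This is an added illustration, not OpenClaw's code or the actual patch; every name, source label and sample event in it is an assumption constructed for the example.

```python
# Hypothetical model of a privilege-downgrade decision (not OpenClaw's code).
# Shows why a deny-list of event sources (CWE-184) misses a source that was
# never listed, and how an allow-list closes that gap.
from dataclasses import dataclass


@dataclass(frozen=True)
class WakeEvent:
    source: str            # e.g. "heartbeat", "cli", "webhook_wake" (assumed labels)
    sender_role: str       # role the event claims for its sender, e.g. "owner"
    trusted_content: bool  # True only when content came over an authenticated owner channel


# Flawed pattern (CWE-184): downgrade only sources on a known-untrusted list.
# "webhook_wake" was never added, so a claimed owner role passes through.
UNTRUSTED_SOURCES = {"inbound_email", "public_chat"}


def effective_role_denylist(ev: WakeEvent) -> str:
    if ev.source in UNTRUSTED_SOURCES:
        return "user"
    return ev.sender_role


# Hardened pattern: only explicitly allowed sources may keep owner privileges,
# and the content must also be marked trusted; anything unknown is downgraded.
OWNER_CAPABLE_SOURCES = {"heartbeat", "cli"}


def effective_role_allowlist(ev: WakeEvent) -> str:
    if ev.source in OWNER_CAPABLE_SOURCES and ev.trusted_content:
        return ev.sender_role
    return "user"


# Constructed sample events for the comparison.
SAMPLE_EVENTS = [
    WakeEvent("heartbeat", "owner", True),
    WakeEvent("public_chat", "owner", False),
    WakeEvent("webhook_wake", "owner", False),  # the unlisted source the advisory describes
]


def missed_downgrades(events):
    """Sources the deny-list keeps as owner but the allow-list would downgrade."""
    return sorted({e.source for e in events
                   if effective_role_denylist(e) == "owner"
                   and effective_role_allowlist(e) != "owner"})


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e.source, effective_role_denylist(e), effective_role_allowlist(e))
    print("missed by deny-list:", missed_downgrades(SAMPLE_EVENTS))
```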