CVE
CVE-2026-35669
OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers
Summary
Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope
Affected Packages / Versions
- Package:
openclaw - Affected versions:
<= 2026.3.24 - First patched version:
2026.3.25 - Latest published npm version at verification time:
2026.3.24
Details
Gateway-authenticated plugin HTTP routes previously created a runtime scope set that included operator.admin regardless of caller-granted scopes. Commit ec2dbcff9afd8a52e00de054b506c91726d9fbbe keeps plugin HTTP runtime scopes least-privileged and preserves caller scope boundaries.
Verified vulnerable on tag v2026.3.24 and fixed on main by commit ec2dbcff9afd8a52e00de054b506c91726d9fbbe.
Fix Commit(s)
ec2dbcff9afd8a52e00de054b506c91726d9fbbe
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
8.7
-
4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
C
H
U
8.1
-
3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Related Resources
No items found.
References
https://github.com/openclaw/openclaw/security/advisories/GHSA-qm2m-28pf-hgjw, https://github.com/openclaw/openclaw/commit/ec2dbcff9afd8a52e00de054b506c91726d9fbbe, https://github.com/openclaw/openclaw
Basic Information
Ecosystem
