CVE
CVE-2026-41299
OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing
Summary
ACP-only provenance fields in chat.send were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state.
Impact
A normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge.
Affected Component
src/gateway/server-methods/chat.ts, src/gateway/server/ws-connection/message-handler.ts
Fixed Versions
- Affected:
<= 2026.3.24 - Patched:
>= 2026.3.28 - Latest stable
2026.3.28contains the fix.
Fix
Fixed by commit 4b9542716c (Gateway: require verified scope for chat provenance).
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.1
-
4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Related Resources
No items found.
References
https://github.com/openclaw/openclaw/security/advisories/GHSA-6xg4-82hv-cp6f, https://github.com/openclaw/openclaw/commit/4b9542716c26ac77652bcaa0f562043b298b409f, https://github.com/openclaw/openclaw
Basic Information
Ecosystem
