What is GHSA-9wcx-q3fh-qg43?

GHSA-9wcx-q3fh-qg43 is a security advisory published by GitHub Security Advisories with High severity. OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route...

Which CVE IDs does GHSA-9wcx-q3fh-qg43 cover?

GHSA-9wcx-q3fh-qg43 covers the following CVE IDs: CVE-2026-35674. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-9wcx-q3fh-qg43?

GHSA-9wcx-q3fh-qg43 has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-9wcx-q3fh-qg43HighCVSS 8.8

OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-35674 →

📋 Description

OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scope requirements, enabling unauthorized plugin, config, MCP, allowlist, and ACP mutations.

🔗 References (4)

https://github.com/openclaw/openclaw/security/advisories/GHSA-hw9r-h9mr-4jff
https://nvd.nist.gov/vuln/detail/CVE-2026-35674
https://www.vulncheck.com/advisories/openclaw-scope-bypass-via-inherited-chat-send-route
https://github.com/advisories/GHSA-9wcx-q3fh-qg43