GHSA-hg6q-r8c9-2xj5MediumCVSS 6.5

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop...

Published
June 11, 2026
Last Modified
June 11, 2026

🔗 CVE IDs covered (1)

📋 Description

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before the expected approval step, potentially modifying configurations without proper authorization.

🔗 References (4)