GHSA-hg6q-r8c9-2xj5MediumCVSS 6.5
OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop...
🔗 CVE IDs covered (1)
📋 Description
OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before the expected approval step, potentially modifying configurations without proper authorization.