CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3254 vulnerabilities reference this CWE, most recent first.
GHSA-9559-P654-PM2C
Vulnerability from github – Published: 2025-09-02 15:31 – Updated: 2026-06-06 09:31Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure.This issue affects ProKuafor: from s1.02.07 before v1.02.08.
{
"affected": [],
"aliases": [
"CVE-2025-0670"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-02T14:15:33Z",
"severity": "MODERATE"
},
"details": "Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure.This issue affects ProKuafor: from s1.02.07 before v1.02.08.",
"id": "GHSA-9559-p654-pm2c",
"modified": "2026-06-06T09:31:12Z",
"published": "2025-09-02T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0670"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0204"
},
{
"type": "WEB",
"url": "https://www.usom.gov.tr/bildirim/tr-25-0204"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-958H-QP3X-Q4GJ
Vulnerability from github – Published: 2026-05-05 22:16 – Updated: 2026-05-13 14:20Summary
plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement parameter without verifying that the authenticated user owns the agreement. A low-privilege authenticated user who learns or obtains another user's PayPal billing agreement ID can silently suspend the victim's recurring subscription, causing revenue loss to the platform and loss of paid service to the victim.
Details
AVideo's PayPalYPT plugin ships two near-duplicate endpoints that cancel a PayPal billing agreement. Only one of them enforces ownership:
-
plugin/PayPalYPT/PayPalAgreementCancel.json.php:19— correctly requires either admin or the agreement's owner:php if (!User::isAdmin() && !Subscription::isAgreementFromUser($_POST['agreement_id'], User::getId())) { $obj->msg = "Only the owner can delete his agreement"; die(json_encode($obj)); } -
plugin/PayPalYPT/agreementCancel.json.php:9-26— only checksUser::isLogged()(in fact twice, redundantly) and then calls the cancellation directly:
php
if (!User::isLogged()) { ... die; } // line 9
if (empty($_REQUEST['agreement'])) { ... die; } // line 14
if (!User::isLogged()) { ... die; } // line 19 — duplicate; no ownership check
$plugin = AVideoPlugin::loadPluginIfEnabled("PayPalYPT");
$agreement = PayPalYPT::cancelAgreement($_REQUEST['agreement']); // line 26
PayPalYPT::cancelAgreement() at plugin/PayPalYPT/PayPalYPT.php:548-566 resolves the agreement ID against PayPal and calls $createdAgreement->suspend($agreementStateDescriptor, $apiContext) unconditionally — the server does not verify that the logged-in user's users_id matches the owner recorded in PayPalYPT_log (or wherever the agreement was registered):
public static function cancelAgreement($agreement_id)
{
...
$createdAgreement = self::getBillingAgreement($agreement_id);
try {
$createdAgreement->suspend($agreementStateDescriptor, $apiContext);
return Agreement::get($createdAgreement->getId(), $apiContext);
} catch (Exception $ex) {
return false;
}
}
The intended UI caller is subscriptions_list.php:84 which posts the current user's own agreement IDs — but the server accepts any agreement parameter from any logged-in user. Agreement IDs can leak via _error_log entries written in agreementCancel.json.php:34 and webhook.php during normal operation, via PayPal receipt emails, or via other administrative and payment-log screens. No CSRF token is required, but the root defect is missing authorization, not CSRF.
PoC
- Log in as any low-privilege user (registered subscriber, commenter, free-tier account created via
signUp). - Obtain the target's PayPal agreement ID (e.g.,
I-ABCD1234XYZ). This may come from server error logs, email receipts, admin/payment screens, or other disclosures. - Send the request with the victim's agreement ID:
bash
curl -X POST 'https://target.example/plugin/PayPalYPT/agreementCancel.json.php' \
-b 'PHPSESSID=<attacker_session>' \
-d 'agreement=I-ABCD1234XYZ'
- Expected response:
json {"error":false,"msg":""}The victim's billing agreement is suspended at PayPal viaAgreement::suspend()(PayPalYPT.php:560). The victim stops being billed; AVideo subsequently reflects the subscription as inactive.
Impact
- Any authenticated user can silently cancel another user's active PayPal recurring billing agreement.
- Revenue disruption for the platform operator — any affected subscribers stop being billed.
- Service disruption for the victim — their paid subscription lapses.
- The defect is purely an authorization gap; the sister endpoint
PayPalAgreementCancel.json.phpdemonstrates that the owner/admin check was intentional for this action but was not applied to this duplicate.
Recommended Fix
Port the ownership check from the sister endpoint into agreementCancel.json.php:
if (!User::isAdmin() && !Subscription::isAgreementFromUser($_REQUEST['agreement'], User::getId())) {
$obj->msg = "Only the owner can cancel this agreement";
die(json_encode($obj));
}
Alternative, preferred remediation: delete the duplicate agreementCancel.json.php entirely and point the cancelAgreement() JS helper in subscriptions_list.php:84 at the already-protected PayPalAgreementCancel.json.php endpoint (sending the expected agreement_id POST field). While patching, also remove the redundant second User::isLogged() branch at line 19.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "wwbn/avideo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "29.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-43883"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T22:16:12Z",
"nvd_published_at": "2026-05-11T22:22:12Z",
"severity": "MODERATE"
},
"details": "## Summary\n\n`plugin/PayPalYPT/agreementCancel.json.php` cancels a PayPal billing agreement using an attacker-supplied `agreement` parameter without verifying that the authenticated user owns the agreement. A low-privilege authenticated user who learns or obtains another user\u0027s PayPal billing agreement ID can silently suspend the victim\u0027s recurring subscription, causing revenue loss to the platform and loss of paid service to the victim.\n\n## Details\n\nAVideo\u0027s PayPalYPT plugin ships two near-duplicate endpoints that cancel a PayPal billing agreement. Only one of them enforces ownership:\n\n- `plugin/PayPalYPT/PayPalAgreementCancel.json.php:19` \u2014 correctly requires either admin or the agreement\u0027s owner:\n ```php\n if (!User::isAdmin() \u0026\u0026 !Subscription::isAgreementFromUser($_POST[\u0027agreement_id\u0027], User::getId())) {\n $obj-\u003emsg = \"Only the owner can delete his agreement\";\n die(json_encode($obj));\n }\n ```\n\n- `plugin/PayPalYPT/agreementCancel.json.php:9-26` \u2014 only checks `User::isLogged()` (in fact twice, redundantly) and then calls the cancellation directly:\n\n ```php\n if (!User::isLogged()) { ... die; } // line 9\n if (empty($_REQUEST[\u0027agreement\u0027])) { ... die; } // line 14\n if (!User::isLogged()) { ... die; } // line 19 \u2014 duplicate; no ownership check\n $plugin = AVideoPlugin::loadPluginIfEnabled(\"PayPalYPT\");\n $agreement = PayPalYPT::cancelAgreement($_REQUEST[\u0027agreement\u0027]); // line 26\n ```\n\n`PayPalYPT::cancelAgreement()` at `plugin/PayPalYPT/PayPalYPT.php:548-566` resolves the agreement ID against PayPal and calls `$createdAgreement-\u003esuspend($agreementStateDescriptor, $apiContext)` unconditionally \u2014 the server does not verify that the logged-in user\u0027s `users_id` matches the owner recorded in `PayPalYPT_log` (or wherever the agreement was registered):\n\n```php\npublic static function cancelAgreement($agreement_id)\n{\n ...\n $createdAgreement = self::getBillingAgreement($agreement_id);\n try {\n $createdAgreement-\u003esuspend($agreementStateDescriptor, $apiContext);\n return Agreement::get($createdAgreement-\u003egetId(), $apiContext);\n } catch (Exception $ex) {\n return false;\n }\n}\n```\n\nThe intended UI caller is `subscriptions_list.php:84` which posts the current user\u0027s own agreement IDs \u2014 but the server accepts any `agreement` parameter from any logged-in user. Agreement IDs can leak via `_error_log` entries written in `agreementCancel.json.php:34` and `webhook.php` during normal operation, via PayPal receipt emails, or via other administrative and payment-log screens. No CSRF token is required, but the root defect is missing authorization, not CSRF.\n\n## PoC\n\n1. Log in as any low-privilege user (registered subscriber, commenter, free-tier account created via `signUp`).\n2. Obtain the target\u0027s PayPal agreement ID (e.g., `I-ABCD1234XYZ`). This may come from server error logs, email receipts, admin/payment screens, or other disclosures.\n3. Send the request with the victim\u0027s agreement ID:\n\n ```bash\n curl -X POST \u0027https://target.example/plugin/PayPalYPT/agreementCancel.json.php\u0027 \\\n -b \u0027PHPSESSID=\u003cattacker_session\u003e\u0027 \\\n -d \u0027agreement=I-ABCD1234XYZ\u0027\n ```\n\n4. Expected response:\n ```json\n {\"error\":false,\"msg\":\"\"}\n ```\n The victim\u0027s billing agreement is suspended at PayPal via `Agreement::suspend()` (PayPalYPT.php:560). The victim stops being billed; AVideo subsequently reflects the subscription as inactive.\n\n## Impact\n\n- Any authenticated user can silently cancel another user\u0027s active PayPal recurring billing agreement.\n- Revenue disruption for the platform operator \u2014 any affected subscribers stop being billed.\n- Service disruption for the victim \u2014 their paid subscription lapses.\n- The defect is purely an authorization gap; the sister endpoint `PayPalAgreementCancel.json.php` demonstrates that the owner/admin check was intentional for this action but was not applied to this duplicate.\n\n## Recommended Fix\n\nPort the ownership check from the sister endpoint into `agreementCancel.json.php`:\n\n```php\nif (!User::isAdmin() \u0026\u0026 !Subscription::isAgreementFromUser($_REQUEST[\u0027agreement\u0027], User::getId())) {\n $obj-\u003emsg = \"Only the owner can cancel this agreement\";\n die(json_encode($obj));\n}\n```\n\nAlternative, preferred remediation: delete the duplicate `agreementCancel.json.php` entirely and point the `cancelAgreement()` JS helper in `subscriptions_list.php:84` at the already-protected `PayPalAgreementCancel.json.php` endpoint (sending the expected `agreement_id` POST field). While patching, also remove the redundant second `User::isLogged()` branch at line 19.",
"id": "GHSA-958h-qp3x-q4gj",
"modified": "2026-05-13T14:20:37Z",
"published": "2026-05-05T22:16:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-958h-qp3x-q4gj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43883"
},
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/commit/0da3dcff1eda2f497694bf82b559829471c292c2"
},
{
"type": "PACKAGE",
"url": "https://github.com/WWBN/AVideo"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "AVideo: IDOR in PayPalYPT Plugin Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements"
}
GHSA-9672-4FH3-MCFG
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-11 12:00Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.
{
"affected": [],
"aliases": [
"CVE-2022-3413"
],
"database_specific": {
"cwe_ids": [
"CWE-639",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-10T00:15:00Z",
"severity": "MODERATE"
},
"details": "Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project\u0027s Audit Events and Developers or Maintainers to view the group\u0027s Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.",
"id": "GHSA-9672-4fh3-mcfg",
"modified": "2022-11-11T12:00:29Z",
"published": "2022-11-10T12:01:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3413"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/374926"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-96C8-XGPW-CF29
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2025-05-30 18:30An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.
{
"affected": [],
"aliases": [
"CVE-2018-10211"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-25T18:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified \"vaultize_session_id\" value in a cookie.",
"id": "GHSA-96c8-xgpw-cf29",
"modified": "2025-05-30T18:30:33Z",
"published": "2022-05-13T01:48:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10211"
},
{
"type": "WEB",
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2018-10211"
},
{
"type": "WEB",
"url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10211"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-96CQ-CJ7W-27G2
Vulnerability from github – Published: 2023-04-05 21:30 – Updated: 2023-04-12 21:30An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.
{
"affected": [],
"aliases": [
"CVE-2023-1417"
],
"database_specific": {
"cwe_ids": [
"CWE-639",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-05T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim\u0027s epic in an unrelated group.",
"id": "GHSA-96cq-cj7w-27g2",
"modified": "2023-04-12T21:30:21Z",
"published": "2023-04-05T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1417"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1892200"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1417.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/396720"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-972W-3XCP-6VCV
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.
{
"affected": [],
"aliases": [
"CVE-2020-36231"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-02T00:15:00Z",
"severity": "MODERATE"
},
"details": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.",
"id": "GHSA-972w-3xcp-6vcv",
"modified": "2022-05-24T17:40:45Z",
"published": "2022-05-24T17:40:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36231"
},
{
"type": "WEB",
"url": "https://jira.atlassian.com/browse/JRASERVER-72002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-978C-95PR-X896
Vulnerability from github – Published: 2026-06-05 15:32 – Updated: 2026-06-05 15:32Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking System allows Exploitation of Trusted Identifiers.
This issue affects Geographic Tracking System: before v0.0.2.
{
"affected": [],
"aliases": [
"CVE-2026-6208"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-05T15:16:53Z",
"severity": "CRITICAL"
},
"details": "Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking System allows Exploitation of Trusted Identifiers.\n\nThis issue affects Geographic Tracking System: before v0.0.2.",
"id": "GHSA-978c-95pr-x896",
"modified": "2026-06-05T15:32:26Z",
"published": "2026-06-05T15:32:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6208"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0325"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-97F9-42CR-FPVX
Vulnerability from github – Published: 2025-08-05 18:30 – Updated: 2025-08-05 18:30Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.
{
"affected": [],
"aliases": [
"CVE-2025-51628"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-05T18:15:34Z",
"severity": "HIGH"
},
"details": "Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.",
"id": "GHSA-97f9-42cr-fpvx",
"modified": "2025-08-05T18:30:44Z",
"published": "2025-08-05T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51628"
},
{
"type": "WEB",
"url": "https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-2025-51628%20%7C%20Eccobook.md"
},
{
"type": "WEB",
"url": "http://agenzia.com"
},
{
"type": "WEB",
"url": "http://eccobook.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-97R2-X6VV-3CX9
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-26 21:30Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2.
{
"affected": [],
"aliases": [
"CVE-2026-22426"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T17:16:34Z",
"severity": "MODERATE"
},
"details": "Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through \u003c= 1.2.",
"id": "GHSA-97r2-x6vv-3cx9",
"modified": "2026-01-26T21:30:32Z",
"published": "2026-01-22T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22426"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Theme/sweetjane/vulnerability/wordpress-sweet-jane-theme-1-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-985F-72MJ-8GF7
Vulnerability from github – Published: 2026-06-18 13:04 – Updated: 2026-06-18 13:04Summary
Tool group policy callers could accept unvalidated group IDs. In affected versions, a caller that can supply a group id to the affected policy resolver could resolve policy for an unvalidated group id.
This advisory is scoped to the named feature and configuration. It does not change OpenClaw's trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.
Impact
When the affected feature is enabled and reachable, this could apply the wrong group-policy decision for a tool invocation. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path.
Patched Versions
The first stable patched version is 2026.4.25.
Mitigations
avoid exposing group-policy controlled tools to untrusted senders until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.4.24"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.25"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53863"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T13:04:37Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nTool group policy callers could accept unvalidated group IDs. In affected versions, a caller that can supply a group id to the affected policy resolver could resolve policy for an unvalidated group id.\n\nThis advisory is scoped to the named feature and configuration. It does not change OpenClaw\u0027s trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.\n\n### Impact\n\nWhen the affected feature is enabled and reachable, this could apply the wrong group-policy decision for a tool invocation. Practical impact depends on the operator\u0027s configuration and whether lower-trust input can reach that path.\n\n### Patched Versions\n\nThe first stable patched version is `2026.4.25`.\n\n### Mitigations\n\navoid exposing group-policy controlled tools to untrusted senders until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.",
"id": "GHSA-985f-72mj-8gf7",
"modified": "2026-06-18T13:04:37Z",
"published": "2026-06-18T13:04:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-985f-72mj-8gf7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53863"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-unvalidated-group-id-acceptance-in-tool-group-policy"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Tool group policy callers could accept unvalidated group IDs"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.