CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5537 vulnerabilities reference this CWE, most recent first.
GHSA-WH3W-V6GJ-FQH2
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-18 14:32Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
This issue affects Apache DolphinScheduler versions prior to 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes this issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.dolphinscheduler:dolphinscheduler-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41280"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T14:32:55Z",
"nvd_published_at": "2026-06-17T13:20:38Z",
"severity": "MODERATE"
},
"details": "Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects\n\nThis issue affects Apache DolphinScheduler versions prior to 3.4.2. \n\nUsers are recommended to upgrade to version 3.4.2, which fixes this issue.",
"id": "GHSA-wh3w-v6gj-fqh2",
"modified": "2026-06-18T14:32:55Z",
"published": "2026-06-17T18:35:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41280"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/dolphinscheduler"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/5bv1njp3lbbbj11y20td5yz1b4nmrtvw"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/17/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects"
}
GHSA-WHCC-JGF3-Q7PM
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-08-06 00:00The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.
{
"affected": [],
"aliases": [
"CVE-2021-39341"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-01T21:15:00Z",
"severity": "HIGH"
},
"details": "The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.",
"id": "GHSA-whcc-jgf3-q7pm",
"modified": "2022-08-06T00:00:53Z",
"published": "2022-05-24T19:19:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39341"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/optinmonster/trunk/OMAPI/RestApi.php?rev=2606519#L1460"
},
{
"type": "WEB",
"url": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39341"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WHF9-3HCX-GQ54
Vulnerability from github – Published: 2026-04-09 17:33 – Updated: 2026-05-06 02:41Impact
OpenClaw device.token.rotate mints tokens for unapproved roles, bypassing device role-upgrade pairing.
Device token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval.
OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
<= v2026.04.01 - Patched versions:
2026.4.8
Fix
The issue was fixed on main and is available in the patched npm version listed above. The verified fixed tree is commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5.
Verification
The fix was re-checked against main before publication, including targeted regression tests for the affected security boundary.
Credits
Thanks @nicky-cc of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42422"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-09T17:33:05Z",
"nvd_published_at": "2026-04-28T19:37:45Z",
"severity": "MODERATE"
},
"details": "## Impact\n\nOpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing.\n\nDevice token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= v2026.04.01`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @nicky-cc of Tencent zhuque Lab ([https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard)) for reporting.",
"id": "GHSA-whf9-3hcx-gq54",
"modified": "2026-05-06T02:41:02Z",
"published": "2026-04-09T17:33:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-whf9-3hcx-gq54"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42422"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-role-bypass-in-device-token-rotate-function"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing"
}
GHSA-WHHH-F2G9-5MVC
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
{
"affected": [],
"aliases": [
"CVE-2017-5060"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-27T05:29:00Z",
"severity": "MODERATE"
},
"details": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
"id": "GHSA-whhh-f2g9-5mvc",
"modified": "2022-05-13T01:02:41Z",
"published": "2022-05-13T01:02:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5060"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/683314"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97939"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038317"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WHHX-238V-WR87
Vulnerability from github – Published: 2024-07-26 03:30 – Updated: 2026-01-29 12:30In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack this privilege would still be able to utilize the session IDs to imitate other users.
While this is a very small attack vector that requires very high permissions to execute, its danger lies principally in obfuscating attribution; all Sign In As operations are attributed appropriately in the log files, and a malicious administrator could use this information to render their dealings untraceable — including those admins who have not been granted this ability — such as by using a session ID to generate an API token.
Fixed in: 24.07.12 / 23.01.20 LTS / 23.10.24v13 LTS / 24.04.24v5 LTS
{
"affected": [],
"aliases": [
"CVE-2024-4447"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-26T02:15:10Z",
"severity": "MODERATE"
},
"details": "In the System \u2192 Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess \"Sign In As\" powers, admins who otherwise lack this privilege would still be able to utilize the session IDs to imitate other users.\n\n\nWhile this is a very small attack vector that requires very high permissions to execute, its danger lies principally in obfuscating attribution; all Sign In As operations are attributed appropriately in the log files, and a malicious administrator could use this information to render their dealings untraceable \u2014 including those admins who have not been granted this ability \u2014 such as by using a session ID to generate an API token.\n\nFixed in:\u00a024.07.12 / 23.01.20 LTS / 23.10.24v13 LTS / 24.04.24v5 LTS",
"id": "GHSA-whhx-238v-wr87",
"modified": "2026-01-29T12:30:24Z",
"published": "2024-07-26T03:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4447"
},
{
"type": "WEB",
"url": "https://auth.dotcms.com/security/SI-72"
},
{
"type": "WEB",
"url": "https://www.dotcms.com/security/SI-72"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WHJW-QRGV-PM72
Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2020-5582"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-30T11:15:00Z",
"severity": "MODERATE"
},
"details": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.",
"id": "GHSA-whjw-qrgv-pm72",
"modified": "2022-05-24T17:22:07Z",
"published": "2022-05-24T17:22:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5582"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"type": "WEB",
"url": "https://kb.cybozu.support/article/36455"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WHQR-FGM5-X77Q
Vulnerability from github – Published: 2026-05-28 21:32 – Updated: 2026-07-02 17:44An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token() function in the mapped authentication plugin returns response data without an expires_at value. The token provider falls back to issuing a token with a fresh default TTL. By rescoping repeatedly before each token expires, a user can maintain access indefinitely, bypassing operator-configured token lifetime policies. This is a variant of CVE-2012-3426. Only deployments using federated identity (SAML2, OpenID Connect) are affected.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "keystone"
},
"ranges": [
{
"events": [
{
"introduced": "14.0.0"
},
{
"fixed": "27.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "keystone"
},
"ranges": [
{
"events": [
{
"introduced": "28.0.0"
},
{
"fixed": "28.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "keystone"
},
"ranges": [
{
"events": [
{
"introduced": "29.0.0"
},
{
"fixed": "29.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44394"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T17:44:27Z",
"nvd_published_at": "2026-05-28T19:16:38Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token\u0027s expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token() function in the mapped authentication plugin returns response data without an expires_at value. The token provider falls back to issuing a token with a fresh default TTL. By rescoping repeatedly before each token expires, a user can maintain access indefinitely, bypassing operator-configured token lifetime policies. This is a variant of CVE-2012-3426. Only deployments using federated identity (SAML2, OpenID Connect) are affected.",
"id": "GHSA-whqr-fgm5-x77q",
"modified": "2026-07-02T17:44:27Z",
"published": "2026-05-28T21:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44394"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/keystone/+bug/2150379"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/keystone"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2026-603.yaml"
},
{
"type": "WEB",
"url": "https://security.openstack.org/ossa/OSSA-2026-015.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "OpenStack Keystone\u0027s federated token rescoping mechanism doesn\u0027t propagate the original token\u0027s expiry to the newly issued token"
}
GHSA-WHVF-PMRC-VGH4
Vulnerability from github – Published: 2023-02-09 18:30 – Updated: 2025-03-24 21:30The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.
{
"affected": [],
"aliases": [
"CVE-2022-48302"
],
"database_specific": {
"cwe_ids": [
"CWE-862",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-09T17:15:00Z",
"severity": "HIGH"
},
"details": "The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.",
"id": "GHSA-whvf-pmrc-vgh4",
"modified": "2025-03-24T21:30:27Z",
"published": "2023-02-09T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48302"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/2"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WHWG-VH4F-PMMF
Vulnerability from github – Published: 2026-07-01 20:23 – Updated: 2026-07-01 20:23In SurrealDB, records can be connected as a graph: a RELATE statement creates an edge record between two node records. If either endpoint node is deleted, SurrealDB automatically removes the edge row to keep the graph consistent.
A user with permission to delete a node could also delete the edges connected to that node, even when the edge table's PERMISSIONS FOR delete clause should have stopped them.
The automatic edge removal (Document::purge_edges) ran with permissions disabled (opt.clone().with_perms(false)), so the edge table's PERMISSIONS FOR delete and PERMISSIONS FOR select clauses were never consulted. The removal step could also observe edge state that the edge's SELECT clause should have hidden.
Impact
What an attacker can do:
- Delete any edge connected to a node they can delete, regardless of the edge table's
PERMISSIONS FOR deleteclause. - Observe edge contents that
PERMISSIONS FOR selectshould have hidden, as a side effect of the same edge-removal step.
What it can't do:
- Delete nodes on tables they do not hold
DELETEon (the edge removal only runs from an authorised node delete). - Cross namespace or database isolation boundaries.
- Escalate to root or operator-level privileges.
Patches
Document::purge_edges now propagates the caller's permission context into the edge removal. Each connected edge DELETE is evaluated against the edge table's PERMISSIONS FOR delete clause, matching a direct DELETE.
Versions 3.1.0 and later are not affected.
Workarounds
- Restrict node
DELETEpermission to principals trusted to delete all connected edge records. - Use namespace or database isolation as the primary boundary where edge-level
PERMISSIONSis load-bearing for multi-tenant separation.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "surrealdb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49997"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T20:23:49Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "In SurrealDB, records can be connected as a graph: a `RELATE` statement creates an edge record between two node records. If either endpoint node is deleted, SurrealDB automatically removes the edge row to keep the graph consistent.\n\nA user with permission to delete a node could also delete the edges connected to that node, even when the edge table\u0027s `PERMISSIONS FOR delete` clause should have stopped them.\n\nThe automatic edge removal (`Document::purge_edges`) ran with permissions disabled (`opt.clone().with_perms(false)`), so the edge table\u0027s `PERMISSIONS FOR delete` and `PERMISSIONS FOR select` clauses were never consulted. The removal step could also observe edge state that the edge\u0027s SELECT clause should have hidden.\n\n### Impact\n\nWhat an attacker **can** do:\n\n- Delete any edge connected to a node they can delete, regardless of the edge table\u0027s `PERMISSIONS FOR delete` clause.\n- Observe edge contents that `PERMISSIONS FOR select` should have hidden, as a side effect of the same edge-removal step.\n\nWhat it **can\u0027t** do:\n\n- Delete nodes on tables they do not hold `DELETE` on (the edge removal only runs from an authorised node delete).\n- Cross namespace or database isolation boundaries.\n- Escalate to root or operator-level privileges.\n\n### Patches\n\n`Document::purge_edges` now propagates the caller\u0027s permission context into the edge removal. Each connected edge `DELETE` is evaluated against the edge table\u0027s `PERMISSIONS FOR delete` clause, matching a direct `DELETE`.\n\nVersions 3.1.0 and later are not affected.\n\n### Workarounds\n\n- Restrict node `DELETE` permission to principals trusted to delete all connected edge records.\n- Use namespace or database isolation as the primary boundary where edge-level `PERMISSIONS` is load-bearing for multi-tenant separation.",
"id": "GHSA-whwg-vh4f-pmmf",
"modified": "2026-07-01T20:23:49Z",
"published": "2026-07-01T20:23:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/security/advisories/GHSA-whwg-vh4f-pmmf"
},
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/pull/242"
},
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/commit/a80d1784cf75358441978bbd77688855e95f4578"
},
{
"type": "PACKAGE",
"url": "https://github.com/surrealdb/surrealdb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "SurrealDB: Edge PERMISSIONS FOR delete bypassed when a connected node is deleted"
}
GHSA-WJ55-88GF-X564
Vulnerability from github – Published: 2026-03-26 21:14 – Updated: 2026-04-15 20:55Summary
Queued node actions were not revalidated against current command policy when later delivered, so stale allowlists or declarations could survive policy tightening.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected: < 2026.3.22
- Fixed: >= 2026.3.22
- Latest released tag checked:
v2026.3.23-2(630f1479c44f78484dfa21bb407cbe6f171dac87) - Latest published npm version checked:
2026.3.23-2
Fix Commit(s)
ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2
Release Status
The fix shipped in v2026.3.22 and remains present in v2026.3.23 and v2026.3.23-2.
Code-Level Confirmation
- src/gateway/server-methods/nodes.ts now revalidates queued actions against the current allowlist and declared command set at delivery time.
- src/gateway/server-methods/nodes.invoke-wake.test.ts includes the shipped stale-queue regression coverage.
OpenClaw thanks @zpbrent for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35648"
],
"database_specific": {
"cwe_ids": [
"CWE-367",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-26T21:14:24Z",
"nvd_published_at": "2026-04-10T17:17:05Z",
"severity": "LOW"
},
"details": "## Summary\nQueued node actions were not revalidated against current command policy when later delivered, so stale allowlists or declarations could survive policy tightening.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: \u003c 2026.3.22\n- Fixed: \u003e= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/gateway/server-methods/nodes.ts now revalidates queued actions against the current allowlist and declared command set at delivery time.\n- src/gateway/server-methods/nodes.invoke-wake.test.ts includes the shipped stale-queue regression coverage.\n\nOpenClaw thanks @zpbrent for reporting.",
"id": "GHSA-wj55-88gf-x564",
"modified": "2026-04-15T20:55:23Z",
"published": "2026-03-26T21:14:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wj55-88gf-x564"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35648"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-policy-bypass-via-unvalidated-queued-node-actions"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw may have stale policy enforcement for queued node actions"
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.