Listen to this Post
How the Mentioned CVE Works
This vulnerability is an incorrect authorization (CWE-863) in OpenClaw version v2026.3.22. The core issue is that a residual, destructive API route remains unprotected within a privileged surface. The previous advisory (GHSA-vmhq-cqm9-6p7q) successfully blocked routes like `POST /profiles/create` and `DELETE /profiles/:name` on the `browser.request` Gateway method. However, the fix was incomplete. The `POST /reset-profile` route was omitted from the mutation classifier function isPersistentBrowserProfileMutation(). Consequently, an authenticated user possessing only the `operator.write` scope (intended for non-destructive operations) can still invoke `POST /reset-profile` via browser.request. This bypasses the intended privilege gate. The request is forwarded to the browser server, where `resetProfile()` executes. This function stops the active browser for that profile, closes the Playwright connection, and moves the entire profile directory (userDataDir) to the Trash. The exploit leverages a simple API call to destroy persistent browser state, demonstrating a concrete integrity and availability impact that the authorization policy was designed to prevent.
dailycve form:
Platform: OpenClaw
Version: v2026.3.22
Vulnerability: Authorization Bypass
Severity: High
date: 2026-03-23
Prediction: 2026-03-24
What Undercode Say:
Test for vulnerability
curl -X POST http://target:3000/gateway/method/browser.request \
-H "Authorization: Bearer <operator_write_token>" \
-H "Content-Type: application/json" \
-d '{"method":"POST","path":"/reset-profile","body":{"profile":"victim-profile","name":"victim-profile"}}'
Control case (should be denied)
curl -X POST http://target:3000/gateway/method/browser.request \
-H "Authorization: Bearer <operator_write_token>" \
-H "Content-Type: application/json" \
-d '{"method":"POST","path":"/profiles/create","body":{"name":"test-profile"}}'
Exploit:
- Preconditions: Authenticated user with `operator.write` scope; target profile exists.
- Command: Invoke `browser.request` with `POST /reset-profile` and profile name.
- Result: Browser stops; connection closes; profile directory moved to Trash.
Protection from this CVE
- Upgrade: Immediately upgrade to OpenClaw v2026.3.24 or later.
- Workaround: Restrict `browser.request` to `operator.admin` scope only if unable to upgrade.
- Code Fix: Extend `isPersistentBrowserProfileMutation()` to include `POST /reset-profile` in
src/browser/request-policy.ts.
Impact
- Integrity: Persistent browser profiles are deleted or corrupted.
- Availability: Running browsers are forcibly stopped, halting active sessions.
- Privilege Escalation: Low-privilege `operator.write` users can perform destructive admin-level actions.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

