OpenClaw, Authorization Bypass, CVE-2026-XXXXX (High)

Listen to this Post

How the Mentioned CVE Works

This vulnerability is an incorrect authorization (CWE-863) in OpenClaw version v2026.3.22. The core issue is that a residual, destructive API route remains unprotected within a privileged surface. The previous advisory (GHSA-vmhq-cqm9-6p7q) successfully blocked routes like `POST /profiles/create` and `DELETE /profiles/:name` on the `browser.request` Gateway method. However, the fix was incomplete. The `POST /reset-profile` route was omitted from the mutation classifier function isPersistentBrowserProfileMutation(). Consequently, an authenticated user possessing only the `operator.write` scope (intended for non-destructive operations) can still invoke `POST /reset-profile` via browser.request. This bypasses the intended privilege gate. The request is forwarded to the browser server, where `resetProfile()` executes. This function stops the active browser for that profile, closes the Playwright connection, and moves the entire profile directory (userDataDir) to the Trash. The exploit leverages a simple API call to destroy persistent browser state, demonstrating a concrete integrity and availability impact that the authorization policy was designed to prevent.

dailycve form:

Platform: OpenClaw
Version: v2026.3.22
Vulnerability: Authorization Bypass
Severity: High
date: 2026-03-23

Prediction: 2026-03-24

What Undercode Say:

Test for vulnerability
curl -X POST http://target:3000/gateway/method/browser.request \
-H "Authorization: Bearer <operator_write_token>" \
-H "Content-Type: application/json" \
-d '{"method":"POST","path":"/reset-profile","body":{"profile":"victim-profile","name":"victim-profile"}}'
Control case (should be denied)
curl -X POST http://target:3000/gateway/method/browser.request \
-H "Authorization: Bearer <operator_write_token>" \
-H "Content-Type: application/json" \
-d '{"method":"POST","path":"/profiles/create","body":{"name":"test-profile"}}'

Exploit:

  • Preconditions: Authenticated user with `operator.write` scope; target profile exists.
  • Command: Invoke `browser.request` with `POST /reset-profile` and profile name.
  • Result: Browser stops; connection closes; profile directory moved to Trash.

Protection from this CVE

  • Upgrade: Immediately upgrade to OpenClaw v2026.3.24 or later.
  • Workaround: Restrict `browser.request` to `operator.admin` scope only if unable to upgrade.
  • Code Fix: Extend `isPersistentBrowserProfileMutation()` to include `POST /reset-profile` in src/browser/request-policy.ts.

Impact

  • Integrity: Persistent browser profiles are deleted or corrupted.
  • Availability: Running browsers are forcibly stopped, halting active sessions.
  • Privilege Escalation: Low-privilege `operator.write` users can perform destructive admin-level actions.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top