openclaw, Gateway operatorwrite Can Reach Admin-Class Talk Voice Config Persistence via chatsend, (medium)

Listen to this Post

The vulnerability exists in openclaw npm package versions up to 2026.3.24. An authenticated attacker with the `operator.write` privilege can abuse the `chat.send` function to modify admin-class Talk Voice configuration settings persistently. The root cause is insufficient authorization checks when processing `chat.send` messages that carry configuration payloads. Normally, `operator.write` grants limited write permissions, but due to a flawed validation logic, a crafted `chat.send` request can escalate to admin-class operations. Specifically, the gateway fails to sanitize or restrict the target context of the configuration update, allowing an operator to inject persistent voice config changes intended only for administrators. This leads to unauthorized persistence of attacker-controlled Talk Voice settings across sessions. The fix introduces proper role-based validation in the message handling pipeline, ensuring that `operator.write` cannot cross the admin boundary. The commit `e34694733fc64931ed4a543c73d84ad3435d5df1` (2026-03-25) patches the flaw by adding a security context check before applying any config mutation from chat.send. The maintainers triaged this as medium severity because it requires authenticated access and is narrow in scope (only affects Talk Voice config persistence). Patched versions are >=2026.3.28.

dailycve form

Platform: openclaw npm package
Version: Before 2026.3.28
Vulnerability: Admin config persistence
Severity: Medium
date: 2026-03-25

Prediction: Patched version 2026.3.28

What Undercode Say:

Analytics:

Check vulnerable version
npm list openclaw | grep "2026.3.2[0-4]"
Verify fix presence
git show e34694733fc64931ed4a543c73d84ad3435d5df1 --stat
Simulate operator.write attempt (requires auth token)
curl -X POST https://target/gateway/chat.send \
-H "Authorization: Bearer $OP_TOKEN" \
-d '{"type":"config","target":"admin_voice","data":{"persist":true}}'

how Exploit:

1. Obtain valid `operator.write` credentials.

  1. Send a crafted `chat.send` message to gateway with `target=admin_voice` and malicious config payload.
  2. The gateway applies the config persistently due to missing role check.
  3. Attacker can now alter Talk Voice settings (e.g., redirect audio, change permissions).

Protection from this CVE

  • Upgrade to openclaw >=2026.3.28 immediately.
  • If cannot upgrade, revoke all `operator.write` privileges temporarily.
  • Monitor gateway logs for unusual `chat.send` targeting admin_voice.
  • Apply network rules to restrict `chat.send` from untrusted operators.

Impact:

  • Unauthorized persistence of admin-class voice configuration.
  • Potential for voice channel hijacking or denial of service.
  • Privilege escalation from operator to admin effect on Talk Voice subsystem.
  • Low impact on confidentiality, medium on integrity and availability.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top