openclaw, Privilege Escalation via Matrix Profile Persistence, (CVE ID not provided) – Medium

Listen to this Post

How the mentioned CVE works (approx. 20 lines):

The vulnerability resides in openclaw’s Matrix integration, specifically in how profile configuration persistence is accessed through the Gateway’s operator.write message‑tool paths. Normally, modifying persistent profile config (e.g., user display names, avatars, or state data) requires admin‑level authority. However, due to insufficient authorization gating, any caller with operator.write privileges—even without ownership or admin rights—could reach the Matrix profile persistence endpoint. The affected code allowed message‑tool runs to bypass the ownership check when updating profile data. An attacker with operator.write access could craft a message‑tool request that directly mutates the persistent profile configuration of any Matrix user, including admins or other high‑value targets. This is because the original logic did not verify whether the message‑tool execution context was owned by the profile owner or had admin scopes. The write‑scoped callers could invoke internal functions that write to the profile storage backend. The impact is unauthorized modification of user profile information, potentially leading to impersonation, data corruption, or further escalation within Matrix rooms. The fix introduced a gate that blocks Matrix profile updates for non‑owner message‑tool runs, ensuring only admin‑level or owner‑level requests can persist profile changes. The commit fe0f686c9228fffcec6de4011da45e69a6e23e54 enforces this check before any write operation reaches the persistence layer.

dailycve form:

Platform: npm
Version: <2026.4.10
Vulnerability: Privilege escalation via Matrix profile persistence
Severity: Medium
date: 2026-04-17

Prediction: 2026-04-10

What Undercode Say:

Check current openclaw version
npm list openclaw
Upgrade to patched version (>=2026.4.10)
npm install [email protected]
Verify fix presence in commit history
git log --oneline | grep fe0f686
Simulate operator.write message-tool attempt (pre-fix)
curl -X POST /gateway/operator.write \
-d '{"tool":"message","target":"matrix_profile","action":"update","data":{"user":"admin","display":"hacked"}}'

Exploit:

Craft a message‑tool JSON payload with operator.write scope, targeting the Matrix profile persistence endpoint. Send it to the Gateway without owner/admin token. Example: {"tool":"message","path":"matrix/profile/persist","method":"PUT","body":{"user_id":"@victim:matrix.org","display_name":"attacker"}}. The pre‑fix version accepts this and mutates the victim’s profile.

Protection from this CVE:

Upgrade openclaw to v2026.4.10 or later. If upgrade is impossible, apply the patch from commit fe0f686c9228fffcec6de4011da45e69a6e23e54 manually. Restrict operator.write permissions to only fully trusted users. Monitor message‑tool logs for unexpected Matrix profile write attempts.

Impact:

Unauthorized modification of Matrix profile data (display names, avatars, state) by any user with operator.write access, bypassing admin‑level authority. Can lead to impersonation, social engineering, or persistent defacement in Matrix‑connected services.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top