LeakyCreds

CVE-2026-28473 - Vulnerability Analysis

Severity: High | CVSS: 8.1

Last Updated: March 6, 2026

OpenClaw - Authorization Bypass

Published: March 5, 2026 | Updated: March 6, 2026 | Remote Exploitable

Overview

OpenClaw versions prior to 2026.2.2 contain an authorization bypass caused by improper permission checks in the /approve chat command, whose handler invokes exec.approval.resolve. As a result, any client holding only the operator.write scope can approve or deny exec requests without the authorization that action should require.
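The defect described above is a scope check that accepts a general-purpose write scope as sufficient to resolve exec approvals. The following is an added illustration, not OpenClaw's code: a small approval gateway whose `strict=False` mode reproduces that weak check beside a `strict=True` mode that requires a dedicated approval scope. Every name in it is hypothetical (`ApprovalGateway`, `ExecRequest`, `Client`, the `operator.approvals` scope, the `/approve <request_id> [deny]` syntax); only `operator.write`, `/approve` and the idea of `exec.approval.resolve` come from the page. The gateway also records denied attempts in an audit list, which is the signal a defender would alert on.

```python
# Added illustration (not OpenClaw's code) of the permission-check pattern
# behind CVE-2026-28473. All identifiers here are hypothetical stand-ins.
from dataclasses import dataclass, field

WRITE_SCOPE = "operator.write"          # scope named on the page
APPROVAL_SCOPE = "operator.approvals"   # assumed: a distinct scope for resolving approvals


class AuthorizationError(Exception):
    """Raised when a client lacks the scope an operation requires."""


@dataclass
class ExecRequest:
    request_id: str
    command: str
    status: str = "pending"   # pending | approved | denied


@dataclass
class Client:
    name: str
    scopes: frozenset


@dataclass
class ApprovalGateway:
    strict: bool = True                      # False reproduces the vulnerable check
    requests: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def submit(self, request_id: str, command: str) -> ExecRequest:
        req = ExecRequest(request_id, command)
        self.requests[request_id] = req
        return req

    def _check_scope(self, client: Client) -> None:
        # Vulnerable variant: the generic write scope is treated as enough to
        # resolve approvals, so every operator.write client can approve or deny.
        # Fixed variant: resolving requires its own, separately granted scope.
        required = APPROVAL_SCOPE if self.strict else WRITE_SCOPE
        if required not in client.scopes:
            self.audit.append(("denied", client.name, required))
            raise AuthorizationError(f"{client.name} lacks {required}")

    def resolve(self, client: Client, request_id: str, decision: str) -> ExecRequest:
        """Stand-in for the exec.approval.resolve action the page mentions."""
        if decision not in ("approve", "deny"):
            raise ValueError("decision must be 'approve' or 'deny'")
        self._check_scope(client)
        req = self.requests[request_id]
        if req.status != "pending":
            raise ValueError(f"request {request_id} already {req.status}")
        req.status = "approved" if decision == "approve" else "denied"
        self.audit.append(("resolved", client.name, request_id, req.status))
        return req

    def handle_chat(self, client: Client, text: str) -> ExecRequest:
        """Parse the hypothetical '/approve <request_id> [deny]' chat command."""
        parts = text.split()
        if not parts or parts[0] != "/approve" or len(parts) not in (2, 3):
            raise ValueError("usage: /approve <request_id> [deny]")
        decision = "approve" if len(parts) == 2 else parts[2]
        return self.resolve(client, parts[1], decision)


def demo() -> dict:
    """Constructed scenario: a write-only client tries to approve via chat."""
    low_priv = Client("bot-writer", frozenset({WRITE_SCOPE}))
    approver = Client("ops-lead", frozenset({WRITE_SCOPE, APPROVAL_SCOPE}))
    results = {}

    weak = ApprovalGateway(strict=False)
    weak.submit("req-1", "restart service web")
    results["vulnerable"] = weak.handle_chat(low_priv, "/approve req-1").status

    fixed = ApprovalGateway(strict=True)
    fixed.submit("req-1", "restart service web")
    try:
        fixed.handle_chat(low_priv, "/approve req-1")
        results["fixed_low_priv"] = "approved"
    except AuthorizationError:
        results["fixed_low_priv"] = fixed.requests["req-1"].status
    results["fixed_approver"] = fixed.handle_chat(approver, "/approve req-1 deny").status
    results["fixed_audit_denials"] = sum(1 for e in fixed.audit if e[0] == "denied")
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that the check lives in one place (`_check_scope`) that every entry point, chat command or direct action, must pass through, and that the scope it requires is specific to the sensitive operation rather than a broad write permission. The `denied` audit entries give a detection hook: a burst of low-scope clients hitting the approval path is worth an alert regardless of whether the check holds.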

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 3.4% (probability of exploitation in the next 30 days)

Impact

Clients with operator.write scope can bypass approval restrictions, potentially allowing unauthorized execution approvals.

Mitigation

Update to version 2026.2.2 or later.

Social Media Activity (1 post)

TheHackerWire (@thehackerwire), Mar 6, 2026

🔓 CVE-2026-28473 - Critical (9.8) OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.appro... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28473/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-28473
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: new
EPSS: 3.4%
Social Posts: 1

CWE

  • CWE-863

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score

3.4% (probability of exploitation in the next 30 days)