Home / Vulnerability Intelligence / CVE-2026-28473

CVE-2026-28473 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 5, 2026

OpenClaw - Authorization Bypass

Published: March 5, 2026Updated: March 5, 2026Remote Exploitable

Overview

OpenClaw < 2026.2.2 contains an authorization bypass caused by improper permission checks in the /approve chat command invoking exec.approval.resolve, letting clients with operator.write scope approve or deny exec requests without proper authorization.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Clients with operator.write scope can bypass approval restrictions, potentially allowing unauthorized execution approvals.

Mitigation

Update to version 2026.2.2 or later.

References

https://github.com/openclaw/openclaw/commit/efe2a464afcff55bb5a95b959e6bd9ec0fef086e
https://github.com/openclaw/openclaw/security/advisories/GHSA-mqpw-46fh-299h
https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-approve-chat-command

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-28473
Severity: Critical
CVSS Score: 9.8
Type: broken_access_control
Status: new

CWE

CWE-863

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H