CVE-2026-45006 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: May 12, 2026
OpenClaw - Broken Access Control
Overview
OpenClaw < 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations. It lets attackers with compromised models persist malicious configuration changes affecting command execution and policies. Exploitation requires compromised models.
Severity & Score
Impact
Attackers can persist malicious configuration changes affecting command execution, network behavior, credentials, and policies, potentially leading to system compromise.
Mitigation
Update to version 2026.4.23 or later.
References
Social Media Activity (2 posts)
CVE-2026-45006 - High (8.8) OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist pro... https://www.thehackerwire.com/vulnerability/CVE-2026-45006/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-45006
- Severity: High
- CVSS Score: 8.8
- Type: broken_access_control
- Status: unconfirmed
- EPSS: 11.3%
- Social Posts: 2
CWE
- CWE-184
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H