VDB
KO
HIGH

GHSA-jr6x-2q95-fh2g

OpenClaw's authorization mismatch allowed write-scope agent runs to reach owner-only tools

Details

### Summary An authorization mismatch allowed authenticated callers with `operator.write` access to invoke owner-only tool surfaces (`gateway`, `cron`) through `agent` runs in scoped-token deployments.

### Impact On affected deployments, write-scoped callers could perform control-plane actions beyond intended write scope.

### Fix Owner-only gating is now enforced consistently for owner-only tool surfaces during agent execution, and tool scope classification was tightened to remove the privilege mismatch.

### Affected and Patched Versions - Affected: `<= 2026.2.26` - Patched: `2026.3.1`

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / openclaw
Introduced in: 0 Fixed in: 2026.3.1
Fix npm install openclaw@2026.3.1

References