GHSA-hw9r-h9mr-4jff
OpenClaw: Scoped chat.send route inheritance could bypass admin command scope gates
Details
### Summary
Some internal command handlers require `operator.approvals` or `operator.admin` scopes. In affected releases, a scoped Gateway `chat.send` request delivered through an inherited external route could be evaluated as an external-channel command while still carrying the lower Gateway client scopes.
This issue affects scoped Gateway clients. It does not apply to shared-secret bearer HTTP compatibility endpoints, which are documented as full operator surfaces under OpenClaw's trust model.
### Affected configurations
This affects deployments where a scoped Gateway caller with `operator.write` can use `chat.send` with delivery into a session that has an inherited external delivery route.
### Impact
Commands that should have required `operator.approvals` or `operator.admin` could run with only `operator.write` in this routed context. Affected command families included approval resolution and selected administrative commands such as plugin, config, MCP, allowlist, and ACP mutations.
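The gate-ordering mistake described above can be modelled in a few lines. The following TypeScript is an added illustration written for this page, not OpenClaw's source: the command names, the assumption that `operator.admin` satisfies every gate, the `inheritedRoute` field on a session, and an "external-channel" authorization path that trusts a channel allowlist instead of the caller's token scopes are all hypothetical. It contrasts the vulnerable shape (route decides which authorization path runs, and that path never consults the Gateway client's scopes) with the hardened shape (the scope gate is always evaluated against the caller that issued `chat.send`, and the route can only deny).

```typescript
// Added illustrative model of the scope-gate bypass; NOT OpenClaw source.
// Command names, scope semantics, inheritedRoute and the external-channel
// authorization path are assumptions made for this example.

type Scope = "operator.read" | "operator.write" | "operator.approvals" | "operator.admin";

interface Caller {
  token: string;
  scopes: Set<Scope>; // scopes granted to the Gateway client token
}

interface Session {
  id: string;
  // Assumption: a child session may inherit an external delivery route
  // (a messaging channel) from its parent; the bypass lives on that path.
  inheritedRoute?: { channel: string };
}

// Assumed minimum scope per command family, following the advisory's list.
const REQUIRED_SCOPE: Record<string, Scope> = {
  "chat.send": "operator.write",
  "approval.resolve": "operator.approvals",
  "plugin.install": "operator.admin",
  "config.set": "operator.admin",
  "mcp.add": "operator.admin",
  "allowlist.add": "operator.admin",
  "acp.update": "operator.admin",
};

// Assumption: operator.admin satisfies every gate; otherwise the exact scope is needed.
function hasScope(caller: Caller, required: Scope): boolean {
  return caller.scopes.has(required) || caller.scopes.has("operator.admin");
}

// Vulnerable shape. A chat.send delivered into a session with an inherited
// external route is re-evaluated as an external-channel command, and that
// path authorizes by channel allowlist instead of by the caller's token
// scopes, so the operator.approvals / operator.admin gate is never consulted.
function authorizeVulnerable(
  cmd: string, caller: Caller, session: Session, allowedChannels: Set<string>,
): boolean {
  const required = REQUIRED_SCOPE[cmd];
  if (required === undefined) return false;
  if (session.inheritedRoute !== undefined) {
    // external-channel evaluation: channel trust replaces the scope check
    return allowedChannels.has(session.inheritedRoute.channel);
  }
  return hasScope(caller, required);
}

// Hardened shape. The scope gate is evaluated against the caller that issued
// chat.send regardless of route; the route can only deny, never elevate.
function authorizeFixed(
  cmd: string, caller: Caller, session: Session, allowedChannels: Set<string>,
): boolean {
  const required = REQUIRED_SCOPE[cmd];
  if (required === undefined) return false; // unknown command: fail closed
  if (!hasScope(caller, required)) return false;
  if (session.inheritedRoute !== undefined &&
      !allowedChannels.has(session.inheritedRoute.channel)) return false;
  return true;
}

// Constructed scenario: a write-only Gateway client sends an admin mutation
// into a session whose inherited route points at an allowlisted channel.
function demo(): { vulnerable: boolean; fixed: boolean } {
  const caller: Caller = { token: "gw-token-1", scopes: new Set<Scope>(["operator.write"]) };
  const session: Session = { id: "sess-child", inheritedRoute: { channel: "telegram:ops" } };
  const allowed = new Set<string>(["telegram:ops"]);
  return {
    vulnerable: authorizeVulnerable("plugin.install", caller, session, allowed),
    fixed: authorizeFixed("plugin.install", caller, session, allowed),
  };
}
```

In the constructed scenario `demo()` returns `{ vulnerable: true, fixed: false }`: the same `operator.write` token is accepted for `plugin.install` by the vulnerable gate only because the session carries an inherited route, which is exactly the elevation the advisory describes. The practitioner's check when reviewing similar dispatchers is that no delivery or routing attribute may select an authorization path that forgets the originating principal's scopes.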
### Patched Versions
The first stable patched version is `2026.5.18`.
### Mitigations
Upgrade to `openclaw@2026.5.18` or later. Before upgrading, avoid granting `operator.write` tokens to clients that can deliver commands into sessions with external routes unless those clients are trusted with admin-like command effects.