OpenClaw Matrix Profile Config Persistence Vulnerability
A vulnerability in the openclaw npm package before version 2026.4.10 allows unauthorized modification of Matrix profile configurations via the `operator.write` message tool.
A critical vulnerability exists in versions of the openclaw npm package prior to 2026.4.10. The vulnerability stems from insufficient access control within the gateway's operator.write message-tool paths. These paths inadvertently provide access to Matrix profile persistence functions that are intended to be restricted to administrator-level privileges. This means that attackers could potentially modify sensitive Matrix profile configurations without proper authorization. The vulnerability was addressed in version 2026.4.10 and subsequent releases, with openclaw@2026.4.14 incorporating the fix. This issue was reported and resolved with contributions from multiple security researchers and sponsors, highlighting its potential impact on affected systems.
Attack Chain
- An attacker gains access to a system with the vulnerable
openclawpackage installed. - The attacker crafts a malicious
operator.writemessage intended to exploit the exposed Matrix profile persistence functionality. - The crafted message bypasses intended access controls due to the vulnerability.
- The malicious message reaches the vulnerable Matrix profile persistence component.
- The component processes the message without proper authorization checks.
- The attacker modifies sensitive Matrix profile configurations, such as user permissions or system settings.
- The modified configuration persists across system restarts due to the compromised persistence mechanism.
- The attacker leverages the modified profile configuration to escalate privileges or gain unauthorized access to sensitive data.
Impact
Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over Matrix profile configurations. This could lead to privilege escalation, unauthorized access to sensitive data, and potential disruption of service. While the exact scope of potential victims is unknown, any system running a vulnerable version of the openclaw package is at risk. This could impact various sectors relying on the package for their operations.
Recommendation
- Immediately upgrade the
openclawnpm package to version 2026.4.10 or later to remediate the vulnerability. - Monitor npm package installations and updates within your environment to detect and prevent the use of vulnerable versions of
openclaw. - Implement strict access controls and input validation on message-tool paths to prevent unauthorized access to sensitive functionalities.
Detection coverage 2
Detect OpenClaw operator.write Message with Profile Modification
highDetects suspicious `operator.write` messages potentially attempting to modify Matrix profile configurations in vulnerable OpenClaw versions.
Detect OpenClaw version prior to 2026.4.10
mediumDetects OpenClaw versions older than 2026.4.10
Detection queries are available on the platform. Get full rules →