OpenClaw: Unauthorized Profile Reset via browser.request
OpenClaw version 2026.3.22 allows authenticated users with `operator.write` access to the `browser.request` method to reset persistent browser profiles via a `POST /reset-profile` request due to a missing check in the persistent-profile mutation classifier, leading to data loss and service disruption.
OpenClaw version 2026.3.22 contains an authorization bypass vulnerability that allows an authenticated user with limited operator.write privileges to perform destructive actions on browser profiles. Specifically, a user with access to the browser.request Gateway method can send a POST request to the /reset-profile endpoint, which is intended for higher-privileged users. This is due to an incomplete fix related to persistent profile management. While the prior fix blocked POST /profiles/create and profile deletion, the latest release omits POST /reset-profile from the same mutation gate. This vulnerability was addressed in OpenClaw version 2026.3.24.
Attack Chain
- An attacker authenticates to the OpenClaw application with
operator.writeprivileges. - The attacker leverages their access to the
browser.requestGateway method. - The attacker crafts a
POSTrequest to the/reset-profileendpoint. The request body includes the target profile name. - The
browser.requestmethod incorrectly forwards the request to the browser route dispatcher due to a missing check in theisPersistentBrowserProfileMutation(...)helper. - The exposed browser server route maps
/reset-profiletoprofileCtx.resetProfile(). - The
resetProfile()function is executed, stopping the running browser, closing the Playwright browser connection, and moving the profile'suserDataDirto Trash. - The target browser profile is reset, leading to data loss and service disruption for the user associated with that profile.
Impact
Successful exploitation of this vulnerability allows an attacker with operator.write access to reset arbitrary browser profiles. This results in the targeted browser being stopped, the Playwright browser connection being closed, and the profile's local data directory being moved to the trash. This leads to a loss of persistent browser state, potential data loss, and disruption of service for users relying on the affected browser profiles.
Recommendation
- Upgrade OpenClaw to version 2026.3.24 or later to patch the vulnerability.
- Deploy the Sigma rule
Detect OpenClaw Unauthorized Profile Resetto detect exploitation attempts by monitoring forPOSTrequests to/reset-profileoriginating frombrowser.requestwithoperator.writeprivileges. - Review the source code locations
src/gateway/server-methods/browser.tsandsrc/node-host/invoke-browser.tsto ensure all profile-management routes are correctly classified and protected. - Implement regression testing with a deny control for
POST /reset-profileon thebrowser.requestsurface to prevent future regressions.
Detection coverage 2
Detect OpenClaw Unauthorized Profile Reset
highDetects unauthorized profile reset attempts in OpenClaw by monitoring for POST requests to /reset-profile through the browser.request method.
OpenClaw browser.request /reset-profile
mediumDetects calls to the /reset-profile endpoint via the browser.request method in OpenClaw, indicative of potential unauthorized profile resets.
Detection queries are available on the platform. Get full rules →