Product
OpenClaw Vulnerability Allows Local Forged Identity Headers
2 TTPsA vulnerability (GHSA-rggc-m335-3wvj) in OpenClaw's trusted-proxy deployments allows a local attacker on the same host to forge identity headers, bypassing intended security controls and potentially leading to unauthorized access or privilege escalation if the affected feature is enabled and reachable.
OpenClaw Scoped Chat Route Inheritance Could Bypass Admin Command Scope Gates
1 TTPA vulnerability in OpenClaw allows an attacker with `operator.write` privileges to bypass intended administrative command scope gates by delivering a scoped Gateway `chat.send` request through an inherited external route, leading to unauthorized execution of critical administrative commands.
OpenClaw Trusted-proxy Control UI Privilege Escalation (GHSA-qjpc-qf9m-xwmr)
1 TTPA vulnerability in OpenClaw's trusted-proxy Control UI mode allows an unpaired or restricted trusted-proxy client to gain temporary `operator.admin` authority by declaring elevated WebSocket scopes before proper server-side authorization, enabling the execution of admin-gated Gateway RPCs until the connection is closed or revalidated.