{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/acp/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["openclaw","acp","chat-command-injection","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003eopenclaw\u003c/code\u003e npm package, versions prior to 2026.3.22, contained a vulnerability where internal ACP (Admin Control Panel) chat commands could be mutated without proper \u003ccode\u003eoperator.admin\u003c/code\u003e scope enforcement. This flaw could be exploited by an attacker to bypass intended security controls and execute unauthorized administrative actions within the OpenClaw application. The vulnerability was reported by @tdjackey and patched in version 2026.3.22. Defenders should ensure they are running version 2026.3.22 or later to mitigate this risk. The scope of impact is limited to systems running vulnerable versions of the \u003ccode\u003eopenclaw\u003c/code\u003e package.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an instance of OpenClaw running a version prior to 2026.3.22.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious chat command intended to interact with the ACP.\u003c/li\u003e\n\u003cli\u003eThe malicious command bypasses the intended \u003ccode\u003eoperator.admin\u003c/code\u003e scope check due to the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe crafted command is sent to the OpenClaw application via the chat interface.\u003c/li\u003e\n\u003cli\u003eThe vulnerable code in \u003ccode\u003esrc/auto-reply/reply/commands-acp.ts\u003c/code\u003e processes the command without proper authorization.\u003c/li\u003e\n\u003cli\u003eThe command execution results in the mutation of internal ACP configurations or data.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the mutated configurations to gain further control over the OpenClaw application or its environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could allow an attacker to perform unauthorized administrative actions within the OpenClaw application. This may include modifying application settings, accessing sensitive data, or disrupting services. The severity of the impact depends on the specific ACP commands that are exposed and the attacker\u0026rsquo;s ability to chain together multiple commands for greater effect.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003eopenclaw\u003c/code\u003e npm package to version 2026.3.22 or later to apply the fix described in the advisory (see Affected Packages / Versions).\u003c/li\u003e\n\u003cli\u003eMonitor chat command inputs for unusual syntax or attempts to access administrative functionalities to detect potential exploitation attempts (use network or application logs).\u003c/li\u003e\n\u003cli\u003eReview and audit existing OpenClaw configurations for any unauthorized modifications that may have occurred due to this vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on all chat command inputs to prevent command injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided to detect attempts to use ACP commands without proper authorization (see \u0026ldquo;OpenClaw ACP Command Execution Without Admin Scope\u0026rdquo;).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-26T21:25:00Z","date_published":"2026-03-26T21:25:00Z","id":"/briefs/2026-06-openclaw-acp-bypass/","summary":"A vulnerability in the openclaw npm package before version 2026.3.22 allowed mutating internal ACP chat commands without requiring operator.admin scope enforcement, potentially allowing unauthorized control-plane actions.","title":"OpenClaw ACP Chat Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-06-openclaw-acp-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Acp","version":"https://jsonfeed.org/version/1.1"}