Tag
OpenClaw before 2026.4.23 contains an improper access control vulnerability (CVE-2026-45006) in the gateway tool's config.apply and config.patch operations, allowing compromised models to write unsafe configuration changes and persist malicious config modifications by bypassing an incomplete denylist.