Skip to content

Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`

Moderate
steipete published GHSA-5h2w-qmfp-ggp6 Mar 29, 2026

Package

npm openclaw (npm)

Affected versions

<= 2026.3.24

Patched versions

>= 2026.3.28

Description

Summary

The chat.send path let authorized write-scoped callers persist /verbose session overrides even though the same stored session mutation is admin-only through sessions.patch.

Impact

A write-scoped gateway caller could persist verbose output for later runs and expose more reasoning or tool output than the operator intended.

Affected Component

src/auto-reply/reply/directive-handling.impl.ts, src/gateway/sessions-patch.ts

Fixed Versions

  • Affected: <= 2026.3.24
  • Patched: >= 2026.3.28
  • Latest stable 2026.3.28 contains the fix.

Fix

Fixed by commit c603123528 (fix(gateway): require admin for persisted verbose defaults).

Severity

Moderate

CVE ID

No known CVE

Weaknesses

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Learn more on MITRE.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Learn more on MITRE.

Credits