CVE-2026-44110
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior.
View on NVDAnalysis
OpenClaw is a niche bot or integration for the Matrix protocol and is not a standard tool in the common web or mobile development stack. While the authorization bypass allows for privileged command execution, the limited adoption of this specific software means it does not warrant a broad community alert.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCWE-863EPSS
No EPSS score yet (CVE may be too fresh).
Technical description
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior.
References
- https://github.com/openclaw/openclaw/commit/2bfd808a83116bd888e3e2633a61473fa2ed81b6
- https://github.com/openclaw/openclaw/commit/f8705f512b09043df02b5da372c33374734bd921
- https://github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855
- https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-matrix-room-control-commands-via-dm-pairing-store