A logic flaw in the OpenClaw gateway WebSocket connect path allowed certain device-less shared-token or password-authenticated backend connections to keep client-declared scopes without server-side binding. A shared-authenticated client could present elevated scopes such as operator.admin even though those scopes were not tied to a device identity or an explicitly trusted Control UI path.
This crossed the intended authorization boundary and could let a shared-secret-authenticated backend client perform admin-only gateway operations.
Affected versions: openclaw <= 2026.3.11
Fixed in openclaw 2026.3.12. The gateway now clears unbound scopes for non-Control-UI shared-auth connections, and regression tests cover the device-less shared-auth path.
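The following is an added example, not OpenClaw's code, that shows the authorization decision the advisory describes: a connect handler that computes a connection's effective scopes. The pre-fix variant keeps whatever scopes a shared-token or password-authenticated client declares; the fixed variant keeps declared scopes only when they are bound server-side to a device record or when the server itself identified the connection as the trusted Control UI path. All names (`ConnectRequest`, `DeviceRecord`, `scopes_fixed`, the `control_ui` flag, the sample device registry) are assumptions made for illustration.

```python
"""Constructed example of server-side scope binding on a gateway WebSocket connect path.
Not OpenClaw's code: every identifier here is an assumption made for illustration."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

ADMIN_SCOPE = "operator.admin"            # scope gating admin-only gateway operations
SHARED_AUTH = {"shared_token", "password"}  # shared-secret auth methods (assumed names)


@dataclass
class DeviceRecord:
    """Server-side record of a registered device and the scopes bound to it."""
    device_id: str
    bound_scopes: Set[str]


@dataclass
class ConnectRequest:
    """What arrives on the connect path. declared_scopes and device_id are client-supplied;
    control_ui must be set by the server from the request path it accepted, never copied
    from a client payload."""
    auth_method: str                      # "device", "shared_token" or "password"
    declared_scopes: Set[str] = field(default_factory=set)
    device_id: Optional[str] = None
    control_ui: bool = False


def _device_bound_scopes(req: ConnectRequest, devices: Dict[str, DeviceRecord]) -> Set[str]:
    """Scopes for a device-authenticated client: declared scopes intersected with the
    scopes the server has bound to that device. Unknown device -> no scopes."""
    rec = devices.get(req.device_id or "")
    if rec is None:
        return set()
    return set(req.declared_scopes) & rec.bound_scopes


def scopes_vulnerable(req: ConnectRequest, devices: Dict[str, DeviceRecord]) -> Set[str]:
    """Pre-fix logic: a device-less shared-auth client keeps its self-declared scopes."""
    if req.auth_method == "device":
        return _device_bound_scopes(req, devices)
    if req.auth_method in SHARED_AUTH:
        return set(req.declared_scopes)   # flaw: nothing on the server vouches for these
    return set()


def scopes_fixed(req: ConnectRequest, devices: Dict[str, DeviceRecord]) -> Set[str]:
    """Post-fix logic: declared scopes survive only when bound server-side."""
    if req.auth_method == "device":
        return _device_bound_scopes(req, devices)
    if req.auth_method in SHARED_AUTH:
        if req.control_ui:
            return set(req.declared_scopes)   # explicitly trusted Control UI path
        return set()                          # device-less shared auth: clear unbound scopes
    return set()


def dropped_scopes(req: ConnectRequest, devices: Dict[str, DeviceRecord]) -> Set[str]:
    """Scopes a client asked for but did not get; worth logging, since a shared-auth
    client declaring operator.admin without a device binding is a signal to review."""
    return set(req.declared_scopes) - scopes_fixed(req, devices)


def can_perform_admin(scopes: Set[str]) -> bool:
    return ADMIN_SCOPE in scopes


# Constructed sample registry: one device bound to a read-only scope.
DEVICES: Dict[str, DeviceRecord] = {
    "dev-1234": DeviceRecord("dev-1234", {"operator.read"}),
}

if __name__ == "__main__":
    backend = ConnectRequest("shared_token", {ADMIN_SCOPE})
    print("vulnerable grants admin:", can_perform_admin(scopes_vulnerable(backend, DEVICES)))
    print("fixed grants admin:     ", can_perform_admin(scopes_fixed(backend, DEVICES)))
    print("dropped:", dropped_scopes(backend, DEVICES))
```

The key property is that the only inputs allowed to widen a connection's scopes are ones the server controls: the device registry, or the server's own determination that the request came in on the Control UI path. Logging `dropped_scopes` gives operators a cheap detection for clients that keep declaring scopes they are not bound to.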
Patched versions: 2026.3.12
CVSS v3.1 base score: 9.9 (Critical)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: Attack Vector Network, Attack Complexity Low, Privileges Required Low, User Interaction None; Scope Changed
Impact: Confidentiality High, Integrity High, Availability High