CVE-2026-10218
Description
An authorization bypass in GoClaw up to 3.11.3 allows unauthenticated or low-privilege users to modify admin-only evolution suggestions, potentially causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability is an authorization bypass in the auth function in internal/http/evolution_handlers.go of GoClaw up to version 3.11.3. The requireAuth("", next) call passes an empty string as the minimum role, causing the middleware to dynamically resolve the required role based on the HTTP method. For PATCH requests, this resolves to RoleOperator, but gateway tokens automatically elevate to RoleAdmin, allowing unauthorized access to the endpoint PATCH /v1/agents/{agentID}/evolution/suggestions/{suggestionID}. This allows any user with a valid gateway token or low-privilege tenant member to modify evolution suggestions that should be admin-only. [1][2]
Exploitation
An attacker can remotely exploit this by sending a crafted PATCH request to the evolution suggestions endpoint with a valid gateway token or as a low-privilege tenant user. The attacker does not need admin privileges; they can approve, reject, or modify system-generated evolution suggestions. The exploit has been publicly disclosed. [2]
Impact
Successful exploitation allows an attacker to improperly modify evolution suggestions, which can have direct side effects on tenant configurations, such as disabling built-in tools across the entire tenant or altering agent behavior guardrails. This can lead to a permanent denial of service (DoS) for core system features or disrupt agent behaviors globally for all users in the tenant. [2]
Mitigation
The project has tagged the issue as a bug, but as of the publication date (2026-06-01), no fixed version has been released. Users should monitor the GoClaw repository for updates. No workaround is provided in the available references. [1][2]
- [1] GitHub - nextlevelbuilder/goclaw: GoClaw is OpenClaw rebuilt in Go, with multi-tenant isolation, 5-layer security, and native concurrency. Deploy AI agent teams at scale without compromising on safety.
- [2] [Security] Evolution Suggestion Authorization Bypass: Unauthorized Modification of Admin-Only Suggestion State leading to Tool Disabled
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.11.3
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing explicit role requirement in the auth middleware for the evolution suggestion update endpoint, combined with automatic Gateway Token role elevation, allows low-privilege users to modify admin-only suggestion state."
Attack vector
An attacker with a valid Gateway Token (shared among authenticated users) and only Viewer-level tenant access sends a PATCH request to `/v1/agents/{agentID}/evolution/suggestions/{suggestionID}`. The Gateway Token elevates the attacker's role to `RoleAdmin` in the request context, which exceeds the dynamically resolved `RoleOperator` requirement, bypassing authorization. The attacker can then approve or reject evolution suggestions, such as `SuggestToolOrder`, that directly modify tenant-wide configurations (e.g., disabling built-in tools), causing a permanent denial-of-service for core features across the tenant [2].
Affected code
The vulnerability resides in `internal/http/evolution_handlers.go` where the `auth` wrapper calls `requireAuth("", next)` with an empty role string. This causes the system to dynamically resolve a `RoleOperator` requirement for PATCH requests, while any user presenting a valid Gateway Token is automatically elevated to `RoleAdmin` in `internal/http/auth.go`. The endpoint lacks the `requireTenantAdmin()` check that other critical mutation endpoints use.
What the fix does
The advisory does not include a patch diff, but it identifies the root cause: the `auth` wrapper in `evolution_handlers.go` passes an empty string to `requireAuth`, which dynamically resolves to `RoleOperator` for PATCH requests, while the Gateway Token mechanism unconditionally elevates any token holder to `RoleAdmin`. The recommended fix is to harden the endpoint by using `requireAuth(permissions.RoleAdmin, next)` and adding a `requireTenantAdmin()` check, matching the pattern already applied to other critical mutation endpoints [2].
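An added Go model (not GoClaw's own code) of the role resolution the advisory describes in `internal/http/auth.go` and `evolution_handlers.go`, showing why `requireAuth("", next)` lets a Gateway Token holder through on PATCH and why the recommended `requireAuth(permissions.RoleAdmin, next)` plus `requireTenantAdmin()` closes it. The numeric role ordering, the GET mapping, and the assumption that `requireTenantAdmin()` checks tenant membership rather than the elevated context role are this model's assumptions.

```go
package main
// Role is an ordered privilege level (names from the advisory, ordering assumed);
// RoleNone stands for the empty string passed in requireAuth("", next).
type Role int

const (
	RoleNone Role = iota
	RoleViewer
	RoleOperator
	RoleAdmin
)

// Principal is the caller as the middleware sees it (modelled, not GoClaw code):
// its tenant membership role and whether it presented a valid Gateway Token.
type Principal struct {
	TenantRole      Role
	HasGatewayToken bool
}

// resolveMinRole models requireAuth's dynamic resolution when no role is given:
// PATCH -> RoleOperator (per the advisory); GET -> RoleViewer is assumed here.
func resolveMinRole(min Role, method string) Role {
	if min != RoleNone {
		return min
	}
	if method == "GET" {
		return RoleViewer
	}
	return RoleOperator
}

// authorize models requireAuth(min, next), optionally wrapped in requireTenantAdmin(),
// which (assumed here) checks the tenant membership role, not the elevated context role.
func authorize(p Principal, method string, min Role, tenantAdmin bool) bool {
	// Gateway Token elevation from the advisory: any token holder is RoleAdmin in context.
	effective := p.TenantRole
	if p.HasGatewayToken {
		effective = RoleAdmin
	}
	if effective < resolveMinRole(min, method) {
		return false
	}
	return !tenantAdmin || p.TenantRole >= RoleAdmin
}

// VulnerablePatch models the advisory's wrapper: requireAuth("", next) on the PATCH route.
func VulnerablePatch(p Principal) bool { return authorize(p, "PATCH", RoleNone, false) }

// HardenedPatch models requireAuth(permissions.RoleAdmin, next) plus requireTenantAdmin().
func HardenedPatch(p Principal) bool { return authorize(p, "PATCH", RoleAdmin, true) }
```

Note that under this model `requireAuth(permissions.RoleAdmin, next)` alone would still pass a Gateway Token holder, since elevation happens before the check; the `requireTenantAdmin()` membership check is what actually denies the Viewer.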
Preconditions
- (auth) A valid Gateway Token (shared among authenticated users) must be obtainable.
- (auth) The attacker must have at least Viewer-level membership in a tenant that has pending evolution suggestions.
- (config) The target GoClaw instance must be running with the default Gateway Token mechanism enabled.
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.