VYPR
Medium severity · 5.4 · NVD Advisory · Published May 29, 2026 · Updated May 29, 2026

CVE-2026-34507


Description

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have blocked.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

OpenClaw before 2026.4.29 allows authenticated QQBot senders to bypass DM-only and allowFrom policy checks, enabling unauthorized admin command execution.

Vulnerability

OpenClaw versions before 2026.4.29 contain a policy bypass vulnerability in QQBot admin commands. The bug allows authenticated senders to skip DM-only and allowFrom policy checks, enabling admin commands to be routed from unauthorized senders or contexts. The affected feature must be enabled and reachable for exploitation [1][2].

Exploitation

An attacker needs to be an authenticated QQBot sender able to trigger the exported command. By crafting a request that bypasses the QQBot-specific DM-only and allowFrom checks, the attacker can route admin commands from a sender or context that policy should have blocked. No additional user interaction is required beyond authentication [1].

Impact

Successful exploitation allows the attacker to execute restricted admin behavior that policy should have prevented. The practical impact depends on the operator's configuration and whether lower-trust input can reach the vulnerable path. The CVSS v4 vector indicates low confidentiality and low integrity impact, with no availability impact [2].

Mitigation

The first stable patched version is 2026.4.29 [1]. Until patched, operators should disable exported QQBot admin commands or restrict QQBot access. Additional mitigations include keeping channel and tool allowlists narrow, avoiding sharing one Gateway between mutually untrusted users, and disabling the affected feature when not needed [1][2].
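The bug class named above (an admin-command gate that some delivery routes never pass through) is easiest to see with a small model. The following is an added illustration, not OpenClaw code and not a reconstruction of the actual QQBot fix, which is not in this bundle. The message shape, the `chat` and `exported` route names, the `/admin` prefix and the sample traffic are all assumptions for the example. `dispatchWeak` applies the DM-only and allowFrom checks only on one route; `dispatchHardened` funnels every route through the same gate before any handler is looked up, and an empty allowFrom denies by default.

```typescript
// Added illustration (not OpenClaw code): one admin-command gate that enforces
// dmOnly and allowFrom regardless of which route delivered the message.
// Types, route names, the "/admin " prefix and the sample traffic are assumptions.

type ChatContext = "dm" | "group";
type Route = "chat" | "exported";

interface InboundMessage {
  senderId: string;      // authenticated sender identity supplied by the channel
  context: ChatContext;  // where the message arrived
  route: Route;          // which code path delivered it to the dispatcher
  text: string;          // e.g. "/admin restart"
}

interface ChannelPolicy {
  dmOnly: boolean;       // admin commands accepted only from direct messages
  allowFrom: string[];   // sender allowlist; an empty list denies everyone
}

interface Decision {
  allowed: boolean;
  reason: string;
}

const ADMIN_PREFIX = "/admin ";

function isAdminCommand(text: string): boolean {
  return text.startsWith(ADMIN_PREFIX);
}

// Single policy gate: evaluated for every admin command, on every route.
// Authentication alone never grants admin: sender AND context must pass.
function authorizeAdminCommand(msg: InboundMessage, policy: ChannelPolicy): Decision {
  if (!isAdminCommand(msg.text)) {
    return { allowed: true, reason: "not an admin command" };
  }
  if (policy.dmOnly && msg.context !== "dm") {
    return { allowed: false, reason: `dmOnly policy: context ${msg.context} rejected` };
  }
  if (!policy.allowFrom.includes(msg.senderId)) {
    return { allowed: false, reason: `allowFrom policy: sender ${msg.senderId} not listed` };
  }
  return { allowed: true, reason: "sender and context permitted" };
}

// Weak pattern (the bug class): the check is bolted onto one entry route,
// so a message arriving through another route is never evaluated.
function dispatchWeak(msg: InboundMessage, policy: ChannelPolicy): Decision {
  if (msg.route === "chat") {
    return authorizeAdminCommand(msg, policy);
  }
  return { allowed: true, reason: "exported route skipped policy" }; // the gap
}

// Hardened pattern: every route reaches the same gate, and the gate decides
// before any command handler is resolved.
function dispatchHardened(msg: InboundMessage, policy: ChannelPolicy): Decision {
  return authorizeAdminCommand(msg, policy);
}

// Constructed sample traffic (not captured from any real deployment).
const POLICY: ChannelPolicy = { dmOnly: true, allowFrom: ["operator-1"] };

const SAMPLE: InboundMessage[] = [
  { senderId: "operator-1", context: "dm",    route: "chat",     text: "/admin restart" },
  { senderId: "guest-7",    context: "dm",    route: "chat",     text: "/admin restart" },
  { senderId: "operator-1", context: "group", route: "chat",     text: "/admin restart" },
  { senderId: "guest-7",    context: "group", route: "exported", text: "/admin restart" },
  { senderId: "guest-7",    context: "group", route: "exported", text: "hello" },
];

// Runs a dispatcher over the sample and returns the allow/deny outcome per message.
function evaluate(dispatch: (m: InboundMessage, p: ChannelPolicy) => Decision): boolean[] {
  return SAMPLE.map((m) => dispatch(m, POLICY).allowed);
}

console.log("weak:    ", evaluate(dispatchWeak));      // 4th message wrongly allowed
console.log("hardened:", evaluate(dispatchHardened));  // 4th message denied
```

The fourth sample message (an allowlisted-only admin command from a non-listed sender in a group, arriving via the exported route) is the case the advisory describes: the weak dispatcher lets it through on the strength of authentication alone, the hardened one rejects it on both the DM-only and allowFrom grounds. Keeping the gate in one function, called from the dispatcher rather than from individual handlers, is what makes adding a new route safe by default.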

AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • OpenClaw / Openclaw (inferred), 2 versions
    <2026.4.29 (+1 more)
    • (no CPE) range: <2026.4.29
    • (no CPE) range: <2026.4.29

Patches

1
a448042c2edd

test(qa): extend restart boundary wait

https://github.com/OpenClaw/OpenClaw · Peter Steinberger · Apr 30, 2026 · Fixed in 2026.4.29 via release-tag
1 file changed · +2 −1
  • extensions/qa-lab/src/gateway-child.ts · +2 −1 · modified
    @@ -44,6 +44,7 @@ import type { QaTransportAdapter } from "./qa-transport.js";
     export type { QaCliBackendAuthMode } from "./providers/env.js";
     const QA_GATEWAY_CHILD_STARTUP_MAX_ATTEMPTS = 5;
     const QA_GATEWAY_CHILD_RPC_RETRY_HEALTH_TIMEOUT_MS = 60_000;
    +const QA_GATEWAY_CHILD_RESTART_BOUNDARY_TIMEOUT_MS = 90_000;
     const QA_GATEWAY_CHILD_BLOCKED_SECRET_ENV_VARS = Object.freeze([
       "OPENCLAW_QA_CONVEX_SECRET_CI",
       "OPENCLAW_QA_CONVEX_SECRET_MAINTAINER",
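Review bot: the new QA_GATEWAY_CHILD_RESTART_BOUNDARY_TIMEOUT_MS = 90_000 has no comment saying why 90 s is the right restart boundary, while its neighbour QA_GATEWAY_CHILD_RPC_RETRY_HEALTH_TIMEOUT_MS = 60_000 is equally bare; a one-line note on which environment needed the longer wait (and that it must exceed the health timeout below it if that is the intent) would stop the next reader from trimming it back.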
    @@ -276,7 +277,7 @@ async function waitForQaGatewayRestartBoundary(params: {
       pollMs?: number;
       timeoutMs?: number;
     }) {
    -  const timeoutMs = params.timeoutMs ?? 30_000;
    +  const timeoutMs = params.timeoutMs ?? QA_GATEWAY_CHILD_RESTART_BOUNDARY_TIMEOUT_MS;
       const pollMs = params.pollMs ?? 100;
       const startedAt = Date.now();
       while (Date.now() - startedAt < timeoutMs) {
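Review bot: nothing in this hunk touches QQBot admin-command policy enforcement, only the default of `params.timeoutMs ?? ...` in waitForQaGatewayRestartBoundary, so the "Fixed in 2026.4.29 via release-tag" linkage above rests on the release tag rather than on this diff; the commit that actually adds the DM-only and allowFrom checks should be linked as its own patch entry. Within the hunk the change is safe for existing callers, since an explicit timeoutMs is still honoured ahead of the new constant.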
    

Vulnerability mechanics

Root cause

"The provided patch only adjusts a restart-boundary timeout constant and does not address any policy-bypass logic; the bundle lacks any code change related to QQBot admin-command policy enforcement."

Attack vector

The advisory describes a policy bypass in QQBot admin commands that lets authenticated senders skip DM-only and allowFrom policy checks [patch_id=3102119]. An attacker with valid authentication can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have blocked. The patch does not show the vulnerable code paths, so the exact payload shape and network path are not visible in this bundle.

Affected code

The patch touches only `extensions/qa-lab/src/gateway-child.ts`, adjusting a timeout constant. The actual vulnerable code paths for the QQBot admin-command policy bypass are not shown in this bundle.

What the fix does

The supplied patch [patch_id=3102119] only replaces the hard-coded 30,000 ms default of the restart-boundary wait in `extensions/qa-lab/src/gateway-child.ts` with a new 90,000 ms constant. It does not modify any QQBot admin-command policy enforcement logic. The advisory indicates a policy bypass exists, but no fix for that bypass is present in this bundle.

Preconditions

  • auth: Attacker must be an authenticated sender of the QQBot system.

Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.