Medium severity · 4.3 · NVD Advisory · Published Apr 10, 2026 · Updated Apr 13, 2026
CVE-2026-35619
Description
OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the stricter WebSocket RPC authorization checks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.3.24 | 2026.3.24 |
Affected products
Patches (1)
1. 06de515b6c42 fix(plugins): skip allowlist warning for config paths
2 files changed · +61 −28
src/plugins/loader.test.ts+55 −24 modified@@ -2708,50 +2708,81 @@ module.exports = { } }); - it("warns about open allowlists for discoverable plugins once per plugin set", () => { + it("warns about open allowlists only for auto-discovered plugins", () => { useNoBundledPlugins(); clearPluginLoaderCache(); const scenarios = [ { - label: "single load warns", - pluginId: "warn-open-allow", + label: "explicit config path stays quiet", + pluginId: "warn-open-allow-config", loads: 1, - expectedWarnings: 1, + expectedWarnings: 0, + loadRegistry: (warnings: string[]) => { + const plugin = writePlugin({ + id: "warn-open-allow-config", + body: `module.exports = { id: "warn-open-allow-config", register() {} };`, + }); + return loadOpenClawPlugins({ + cache: false, + logger: createWarningLogger(warnings), + config: { + plugins: { + load: { paths: [plugin.file] }, + }, + }, + }); + }, }, { - label: "repeated identical loads dedupe warning", - pluginId: "warn-open-allow-once", + label: "workspace discovery warns once", + pluginId: "warn-open-allow-workspace", loads: 2, expectedWarnings: 1, + loadRegistry: (() => { + const workspaceDir = makeTempDir(); + const workspaceExtDir = path.join( + workspaceDir, + ".openclaw", + "extensions", + "warn-open-allow-workspace", + ); + mkdirSafe(workspaceExtDir); + writePlugin({ + id: "warn-open-allow-workspace", + body: `module.exports = { id: "warn-open-allow-workspace", register() {} };`, + dir: workspaceExtDir, + filename: "index.cjs", + }); + return (warnings: string[]) => + loadOpenClawPlugins({ + cache: false, + workspaceDir, + logger: createWarningLogger(warnings), + config: { + plugins: { + enabled: true, + }, + }, + }); + })(), }, ] as const; for (const scenario of scenarios) { - const plugin = writePlugin({ - id: scenario.pluginId, - body: `module.exports = { id: "${scenario.pluginId}", register() {} };`, - }); const warnings: string[] = []; - const options = { - cache: false, - logger: createWarningLogger(warnings), - config: { - 
plugins: { - load: { paths: [plugin.file] }, - }, - }, - }; for (let index = 0; index < scenario.loads; index += 1) { - loadOpenClawPlugins(options); + scenario.loadRegistry(warnings); } const openAllowWarnings = warnings.filter((msg) => msg.includes("plugins.allow is empty")); expect(openAllowWarnings, scenario.label).toHaveLength(scenario.expectedWarnings); - expect( - openAllowWarnings.some((msg) => msg.includes(scenario.pluginId)), - scenario.label, - ).toBe(true); + if (scenario.expectedWarnings > 0) { + expect( + openAllowWarnings.some((msg) => msg.includes(scenario.pluginId)), + scenario.label, + ).toBe(true); + } } });
src/plugins/loader.ts+6 −4 modified@@ -607,18 +607,20 @@ function warnWhenAllowlistIsOpen(params: { if (params.allow.length > 0) { return; } - const nonBundled = params.discoverablePlugins.filter((entry) => entry.origin !== "bundled"); - if (nonBundled.length === 0) { + const autoDiscoverable = params.discoverablePlugins.filter( + (entry) => entry.origin === "workspace" || entry.origin === "global", + ); + if (autoDiscoverable.length === 0) { return; } if (openAllowlistWarningCache.has(params.warningCacheKey)) { return; } - const preview = nonBundled + const preview = autoDiscoverable .slice(0, 6) .map((entry) => `${entry.id} (${entry.source})`) .join(", "); - const extra = nonBundled.length > 6 ? ` (+${nonBundled.length - 6} more)` : ""; + const extra = autoDiscoverable.length > 6 ? ` (+${autoDiscoverable.length - 6} more)` : ""; openAllowlistWarningCache.add(params.warningCacheKey); params.logger.warn( `[plugins] plugins.allow is empty; discovered non-bundled plugins may auto-load: ${preview}${extra}. Set plugins.allow to explicit trusted ids.`,
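Review bot: In src/plugins/loader.test.ts the renamed test "warns about open allowlists only for auto-discovered plugins" exercises only two of the three origins the loader now distinguishes: an explicit plugins.load.paths entry (expects 0 warnings) and a workspace .openclaw/extensions plugin (expects 1 warning across 2 loads). The loader change in the same commit also treats entry.origin === "global" as auto-discoverable, so add a third scenario that places a plugin in the global extensions location and expects one warning; otherwise the "global" arm of the new filter has no coverage. Minor consistency point: the first scenario's loadRegistry calls writePlugin on every invocation while the second writes the plugin once in an IIFE and returns a closure; with loads: 1 this is harmless, but writing the fixture once in both scenarios would make a future loads: 2 config-path case behave as intended.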
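Review bot: In src/plugins/loader.ts, warnWhenAllowlistIsOpen now filters to entry.origin === "workspace" || entry.origin === "global", so plugins loaded from explicit plugins.load.paths no longer trigger the warning, but the logged message still says "discovered non-bundled plugins may auto-load", which no longer matches what was checked. Reword it along the lines of `plugins.allow is empty; auto-discovered workspace/global plugins may auto-load: ${preview}${extra}.` while keeping the "plugins.allow is empty" prefix, since the test in this commit filters warnings on that substring. Also worth a code comment: the early `return` when autoDiscoverable is empty runs before openAllowlistWarningCache.add, so a later load under the same warningCacheKey that does discover a workspace or global plugin will still warn once; that is the right behaviour for operators, but the ordering is easy to break in a refactor. Finally, neither hunk touches the HTTP /v1/models route or operator scope enforcement described in this advisory, so this linked commit documents an allowlist-warning change rather than the authorization fix itself.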
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
References (5)
- github.com/openclaw/openclaw/commit/06de515b6c42816b62ec752e1c221cab67b38501 (nvd: Patch, WEB)
- github.com/advisories/GHSA-68f8-9mhj-h2mp (ghsa: ADVISORY)
- github.com/openclaw/openclaw/security/advisories/GHSA-68f8-9mhj-h2mp (nvd: Mitigation, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-35619 (ghsa: ADVISORY)
- www.vulncheck.com/advisories/openclaw-authorization-bypass-via-http-v1-models-endpoint (nvd: Third Party Advisory, WEB)
News mentions (0)
No linked articles in our index yet.