What is CVE-2026-45001?

A guard bypass vulnerability in OpenClaw gateway config endpoints before 2026.4.20 that allows prompt-injected models to persist unauthorized changes to protected operator settings.

What settings can be modified via CVE-2026-45001?

Sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening.

How is CVE-2026-45001 exploited?

A prompt-injected model with access to the owner-only gateway tool can use config.patch and config.apply to modify protected settings that should only be operator-controlled.

What is the severity of CVE-2026-45001?

High severity — allows persistent unauthorized configuration changes that survive gateway restarts.

How to fix CVE-2026-45001?

Update to OpenClaw 2026.4.20 or later, which adds proper guard checks on all operator-trusted configuration endpoints.

← Back to dashboard

clawsmith.com/signal/cve-2026-45001-config-guard-bypass-agent-gateway

⚠ IssueWide OpenLive

CVE-2026-45001: OpenClaw Gateway Config Guard Bypass Lets Prompt-Injected Model Persist Unauthorized Settings

OpenClaw before 2026.4.20 fails to protect operator-trusted settings in gateway config.patch and config.apply endpoints. A prompt-injected model can disable sandbox policy, change auth settings, and persist malicious gateway configuration.

Product Idea from this Signal

A CLI tool that scans a running OpenClaw instance for active CVEs, malicious skills, and supply chain tampering before they get exploited

807 ▲

OpenClaw has accumulated 433+ CVEs in five months including critical auth bypasses (CVSS 9.8), sandbox escapes, and nation-state supply chain attacks targeting the npm ecosystem. Most operators have no idea which CVEs affect their specific version, whether their installed skills contain backdoors, or if their dependency tree has been tampered with. This tool runs a comprehensive security audit against a live OpenClaw instance and outputs an actionable remediation plan.

CLIOPEN-SOURCESECURITYDEVTOOLAUDIT

CompetitiveView Opportunity →

Product Idea from this Signal

A reverse proxy that locks OpenClaw gateway configuration against model-driven mutation by enforcing an allowlist of immutable protected settings

8 ▲

OpenClaw gateway config.patch and config.apply endpoints have been exploited through denylist bypass (CVE-2026-45006, CVE-2026-45001, CVE-2026-45004). Compromised models persist malicious config changes to sandbox policy, auth/TLS, and SSRF rules that survive restart. This tool flips the model from denylist to allowlist, intercepting all config mutations at the network layer.

SECURITYREVERSE-PROXYOPEN-SOURCEDEVTOOL

CompetitiveView Opportunity →