MEDIUM SeverityCVSS 4.06.0CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-43574
Last updated May 05, 2026 · Published May 05, 2026
Description
OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers can resolve pending approvals without proper authorization by exploiting this logic flaw if they know an approval id.
Affected products
1 listed- OpenClaw:OpenClaw
Mappings
CWE
CWE-183
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms