GHSA-4f8g-77mw-3rxc.yaml
info:
  name: OpenClaw
  cve: GHSA-4f8g-77mw-3rxc
  summary: "OpenClaw Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`"
  details: |-
    Impact

    Gateway plugin HTTP `auth: gateway` widens identity-bearing operator.read requests into runtime operator.write.

    Plugin HTTP routes using gateway auth could receive runtime write scopes even when the upstream trusted-proxy request only declared read.

    OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.

    Affected Packages / Versions

    - Package: openclaw (npm)
    - Affected versions: 2026.1.29
    - Patched versions: 2026.4.8

    Fix

    The issue was fixed on main and is available in the patched npm version listed above. The verified fixed tree is commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5.

    Verification

    The fix was re-checked against main before publication, including targeted regression tests for the affected security boundary.

    Credits

    Thanks @smaeljaish771 for reporting.
  cvss: ''
  severity: HIGH
  security_advise: Upgrade openclaw to 2026.4.8 or later. The issue was fixed on main and is available in the patched npm
    version listed above. The verified fixed tree is commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5.
  references:
  - https://github.com/openclaw/openclaw/security/advisories/GHSA-4f8g-77mw-3rxc
rule: 'version == "2026.1.29"'
references:
- https://github.com/openclaw/openclaw/security/advisories/GHSA-4f8g-77mw-3rxc
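An added illustrative model of the scope widening the advisory describes. This is not OpenClaw's code and is not taken from the advisory: it is a hypothetical scope resolver for plugin HTTP routes, shown in the widening form beside a hardened form that caps gateway-auth scopes at what the upstream trusted proxy declared for the caller. Every name (`RUNTIME_SCOPES`, `resolveScopesVulnerable`, `resolveScopesFixed`, `handleWrite`, `widenedScopes`, the route's `auth` field, the sample request and its proxy header) is an assumption chosen to mirror the advisory text, and the rule that a request carrying no upstream identity keeps the gateway's own scopes is likewise an assumption about the trust model rather than something the advisory states.

```javascript
// Illustrative model of GHSA-4f8g-77mw-3rxc, written for this page.
// NOT OpenClaw's code: all names and the scope strings are assumptions
// that mirror the advisory's wording.

// Scopes the gateway runtime itself holds when serving a plugin route (assumed).
const RUNTIME_SCOPES = ["operator.read", "operator.write"];

// Widening behaviour, as the advisory describes it: a route declaring
// `auth: gateway` is handed the runtime's scopes outright, so a caller the
// trusted proxy only marked as operator.read silently gains operator.write.
function resolveScopesVulnerable(route, req) {
  if (route.auth === "gateway") {
    return [...RUNTIME_SCOPES];
  }
  return req.identity ? [...req.identity.scopes] : [];
}

// Hardened behaviour: an identity-bearing request can never end up with more
// than the upstream proxy declared. Gateway auth may narrow, never widen, so
// the effective set is the intersection of runtime and declared scopes.
function resolveScopesFixed(route, req) {
  if (route.auth !== "gateway") {
    return req.identity ? [...req.identity.scopes] : [];
  }
  if (!req.identity) {
    // Assumption: with no upstream identity at all (the local operator calling
    // its own gateway) the gateway's own scopes apply. Not stated by the advisory.
    return [...RUNTIME_SCOPES];
  }
  const declared = new Set(req.identity.scopes);
  return RUNTIME_SCOPES.filter((scope) => declared.has(scope));
}

// Route guard for a write endpoint: 200 if the resolved scopes include
// operator.write, otherwise 403. Takes the resolver as a parameter so both
// behaviours can be compared on the same request.
function handleWrite(resolver, route, req) {
  return resolver(route, req).includes("operator.write") ? 200 : 403;
}

// Regression-style check in the spirit of the advisory's "targeted regression
// tests": list every scope a resolver grants beyond what the upstream identity
// declared. An empty list means no widening across the trusted-proxy boundary.
function widenedScopes(resolver, route, req) {
  const declared = new Set(req.identity ? req.identity.scopes : []);
  return resolver(route, req).filter((scope) => !declared.has(scope));
}

// Constructed sample input: a plugin route using gateway auth, and a request
// that arrived through the trusted proxy with only operator.read declared.
const sampleRoute = { path: "/plugins/example/config", auth: "gateway" };
const sampleReq = {
  headers: { "x-forwarded-user": "alice" }, // hypothetical proxy header
  identity: { user: "alice", scopes: ["operator.read"] },
};

// Returns the status each resolver would give the read-only caller on the
// write endpoint, plus the scopes each one widened the caller into.
function demo() {
  return {
    vulnerableStatus: handleWrite(resolveScopesVulnerable, sampleRoute, sampleReq),
    fixedStatus: handleWrite(resolveScopesFixed, sampleRoute, sampleReq),
    vulnerableWidened: widenedScopes(resolveScopesVulnerable, sampleRoute, sampleReq),
    fixedWidened: widenedScopes(resolveScopesFixed, sampleRoute, sampleReq),
  };
}

console.log(demo());
```

The hardened resolver still lets a caller the proxy marked as `operator.write` write, and leaves non-gateway routes on the identity's own scopes; the only thing it removes is the path by which gateway auth promoted a read-only identity. The `widenedScopes` check is the kind of assertion worth keeping as a regression test at the boundary: for any identity-bearing request it must return an empty list.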