GHSA-68f8-9mhj-h2mp: OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope
The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes.
In contrast, the WebSocket RPC path enforces operator.read for models.list.
A caller connected with operator.approvals (no read scope) is rejected for models.list (missing scope: operator.read) but can still enumerate model metadata through HTTP /v1/models.
Confirmed on current main at commit 06de515b6c42816b62ec752e1c221cab67b38501.
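The advisory's core point is that two transports (HTTP and WebSocket RPC) exposed the same capability but only one of them checked the `operator.read` scope. The example below is added here and is not OpenClaw's code; it sketches the defensive pattern of deriving the required scope for both the HTTP route and the RPC method from one shared table, so the two paths cannot drift apart. The token table, route names, model list and helper names (`scopesForBearer`, `authorize`, `handleModelsVulnerable`, `handleModelsFixed`, `rpcModelsList`, `unscopedRoutes`) are all constructed for illustration; it also includes a small audit helper that flags registered routes with no scope mapping, which goes beyond the single route the advisory describes.

```javascript
// Added example (not OpenClaw code): one scope policy shared by HTTP and RPC.

// Constructed token table (hypothetical): bearer token -> granted operator scopes.
const TOKENS = {
  "tok-approvals": ["operator.approvals"],
  "tok-reader": ["operator.read"],
};

// Single source of truth for required scopes; both transports consult it.
const ROUTE_SCOPES = {
  "GET /v1/models": "operator.read",
  "rpc models.list": "operator.read",
};

// Constructed sample model metadata.
const MODELS = [{ id: "model-a" }, { id: "model-b" }];

// Parse "Authorization: Bearer <token>" and resolve the token's scopes.
// Returns null when the header is missing, malformed, or the token is unknown.
function scopesForBearer(authHeader) {
  if (typeof authHeader !== "string") return null;
  const m = /^Bearer\s+(\S+)$/i.exec(authHeader);
  if (!m) return null;
  return TOKENS[m[1]] ?? null;
}

// Authentication vs authorization decision, expressed as an HTTP-style result.
function authorize(scopes, required) {
  if (!scopes) return { ok: false, status: 401, error: "unauthorized" };
  if (!scopes.includes(required)) {
    return { ok: false, status: 403, error: `missing scope: ${required}` };
  }
  return { ok: true };
}

// Vulnerable shape mirroring the advisory: bearer auth is checked, but the
// route never asks which scope the caller actually holds.
function handleModelsVulnerable(req) {
  const scopes = scopesForBearer(req.headers.authorization);
  if (!scopes) return { status: 401, body: { error: "unauthorized" } };
  return { status: 200, body: { data: MODELS } };
}

// Hardened shape: the route enforces the same scope the RPC method requires,
// looked up from the shared table rather than hard-coded per transport.
function handleModelsFixed(req) {
  const scopes = scopesForBearer(req.headers.authorization);
  const decision = authorize(scopes, ROUTE_SCOPES["GET /v1/models"]);
  if (!decision.ok) return { status: decision.status, body: { error: decision.error } };
  return { status: 200, body: { data: MODELS } };
}

// RPC side: scopes are already attached to the connection; same policy table.
function rpcModelsList(connectionScopes) {
  const decision = authorize(connectionScopes, ROUTE_SCOPES["rpc models.list"]);
  if (!decision.ok) return { error: decision.error };
  return { result: MODELS };
}

// Audit helper: given the routes a gateway registers, list those with no scope
// mapping. Run it at startup (or in CI) so an unscoped route fails loudly.
function unscopedRoutes(registeredRoutes) {
  return registeredRoutes.filter((route) => !(route in ROUTE_SCOPES));
}

// Stand-alone demonstration.
const approvalsOnly = { headers: { authorization: "Bearer tok-approvals" } };
console.log("vulnerable:", handleModelsVulnerable(approvalsOnly).status); // 200: metadata leaks
console.log("fixed:", handleModelsFixed(approvalsOnly).status);           // 403: scope enforced
console.log("rpc:", rpcModelsList(["operator.approvals"]));                // missing scope: operator.read
console.log("unscoped:", unscopedRoutes(["GET /v1/models", "GET /v1/chat/completions"]));
```

The useful habit here is the last helper: when a gateway exposes the same capability over more than one transport, a startup or CI check that every registered route resolves to a scope in the shared table catches exactly the kind of divergence this advisory reports.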