GHSA-cwj3-vqpp-pmxr: OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes
The agent-facing gateway tool protects config.apply and config.patch with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway config mutations.
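The failure mode described above, as an added example (not OpenClaw's code, and not a statement of how the project fixed it): a denylist guard beside a default-deny guard derived from a per-path policy. All paths, values and function names here are hypothetical and constructed for illustration.

```typescript
// Constructed sample paths; none come from OpenClaw's real schema.
type Patch = { [key: string]: unknown };

// Hand-maintained denylist, written when the schema had only `auth` and `ui`.
const DENYLIST: string[] = ["auth"];

// Schema-derived policy: each leaf declares who may write it. `plugins.loadPath`
// joined the schema later; the denylist above was never updated for it.
const SCHEMA_POLICY: { [path: string]: "model" | "operator" } = {
  "auth.token": "operator",
  "ui.theme": "model",
  "plugins.loadPath": "operator",
};

// Flatten a nested patch into dotted leaf paths; an empty object counts as a leaf.
function leafPaths(patch: Patch, prefix: string = ""): string[] {
  let out: string[] = [];
  for (const key of Object.keys(patch)) {
    const value: unknown = patch[key];
    const path: string = prefix === "" ? key : prefix + "." + key;
    const nested: boolean = typeof value === "object" && value !== null &&
      !Array.isArray(value) && Object.keys(value as Patch).length > 0;
    out = nested ? out.concat(leafPaths(value as Patch, path)) : out.concat([path]);
  }
  return out;
}

// Denylist guard: rejects only the paths someone remembered to list.
function denylistRejects(patch: Patch): string[] {
  return leafPaths(patch).filter((p: string) =>
    DENYLIST.some((d: string) => p === d || p.indexOf(d + ".") === 0));
}

// Default-deny guard: rejects every path not explicitly marked model-writable,
// including paths the policy has never heard of.
function allowlistRejects(patch: Patch): string[] {
  return leafPaths(patch).filter((p: string) => SCHEMA_POLICY[p] !== "model");
}

// Constructed model-driven patch: one benign path, one operator-only path.
const MODEL_PATCH: Patch = {
  ui: { theme: "dark" },
  plugins: { loadPath: "constructed-value" },
};
```

Running both guards over `MODEL_PATCH` shows the denylist returning no rejections while the default-deny guard flags `plugins.loadPath`.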