GHSA-v3qc-wrwx-j3pw: OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`

April 3, 2026

Agentic Consent Bypass: LLM Agent Can Silently Disable Exec Approval via config.patch

References

github.com/advisories/GHSA-v3qc-wrwx-j3pw
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/76411b2afc4ae721e36c12e0ea24fd23e2fed61e
github.com/openclaw/openclaw/security/advisories/GHSA-v3qc-wrwx-j3pw

Code Behaviors & Features

Detect and mitigate GHSA-v3qc-wrwx-j3pw with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →