CVE-2026-35653 Overview
CVE-2026-35653 is an incorrect authorization vulnerability (CWE-863) affecting OpenClaw versions before 2026.3.24. The vulnerability exists in the POST /reset-profile endpoint, which fails to properly enforce privilege boundaries. Authenticated users with operator.write access to browser.request can bypass profile mutation restrictions, allowing them to perform unauthorized actions including stopping running browsers, closing Playwright connections, and moving profile directories to Trash.
Critical Impact
Attackers with limited operator privileges can escalate their access to perform destructive profile management operations, potentially disrupting browser automation workflows and causing data loss through unauthorized profile deletion.
Affected Products
- OpenClaw versions prior to 2026.3.24
- OpenClaw Node.js package (all vulnerable versions)
Discovery Timeline
- 2026-04-10 - CVE-2026-35653 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35653
Vulnerability Analysis
The vulnerability stems from incorrect authorization logic in OpenClaw's POST /reset-profile endpoint. When requests are routed through the browser.request surface, the application fails to properly validate whether the caller has sufficient privileges to perform profile mutation operations. This allows authenticated users who only have operator.write permissions for browser.request to execute privileged profile management functions they should not have access to.
The authorization bypass enables three destructive operations: stopping the running browser instance, terminating active Playwright connections, and moving profile directories to Trash. These actions would normally require elevated permissions beyond the operator.write scope for browser.request.
Root Cause
The root cause is an incorrect authorization check (CWE-863) in the request handling logic. The POST /reset-profile endpoint does not properly verify that the authenticated caller has explicit permissions for profile mutation operations. Instead, it incorrectly inherits permissions from the browser.request scope, allowing operators with write access to that scope to invoke profile reset functionality that crosses intended privilege boundaries.
Attack Vector
The attack vector is network-based and requires authentication. The sequence is:
- The attacker holds authenticated access to an OpenClaw instance with operator.write permissions for browser.request
- The attacker sends a request to the POST /reset-profile endpoint through the browser.request surface
- The vulnerable authorization logic accepts the request even though the caller lacks profile mutation privileges
- The attacker can then stop browsers, close Playwright connections, and move profile directories to Trash
The vulnerability is triggered by invoking the POST /reset-profile endpoint via the browser.request interface. No verified request example is reproduced here; the specific request format is documented in the GitHub Security Advisory GHSA-xp9r-prpg-373r.
Detection Methods for CVE-2026-35653
Indicators of Compromise
- Unexpected POST /reset-profile requests from accounts with only operator.write browser.request permissions
- Unusual browser process terminations or Playwright connection closures
- Profile directories unexpectedly moved to Trash without authorized administrative action
- Audit logs showing profile reset operations from non-administrative operators
Detection Strategies
- Monitor API access logs for POST /reset-profile requests and correlate with user permission levels
- Implement alerting on profile reset operations initiated by users without explicit profile management privileges
- Review Playwright connection termination events for patterns indicating unauthorized access
- Audit file system operations targeting profile directories for unexpected modifications
Monitoring Recommendations
- Enable detailed logging for all /reset-profile endpoint requests including caller identity and permission scope
- Configure SIEM rules to detect authorization boundary violations involving the browser.request surface
- Monitor for rapid succession of profile reset operations which may indicate automated exploitation
- Track browser process lifecycle events and correlate with API request logs
How to Mitigate CVE-2026-35653
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.24 or later immediately
- Review access control configurations to identify accounts with operator.write permissions for browser.request
- Audit logs for any historical exploitation of the POST /reset-profile endpoint
- Temporarily restrict network access to OpenClaw instances if immediate patching is not possible
Patch Information
OpenClaw has released patches addressing this incorrect authorization vulnerability. The fixes are available in the following commits:
For complete details on the vulnerability and remediation, refer to the GitHub Security Advisory GHSA-xp9r-prpg-373r.
Workarounds
- Restrict operator.write permissions for browser.request to only trusted administrative accounts until patching is complete
- Implement network-level access controls to limit which users can reach the OpenClaw API endpoints
- Deploy a reverse proxy or web application firewall to block requests to /reset-profile from non-administrative IP ranges
- Consider temporarily disabling the POST /reset-profile endpoint if profile reset functionality is not critical to operations
# Example: Restrict access to /reset-profile endpoint via nginx
location /reset-profile {
    # Allow only from trusted admin network
    allow 10.0.0.0/8;
    deny all;
    proxy_pass http://openclaw-backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.