CVE-2026-31998
Last modified
CVE-2026-31998 is a high-severity vulnerability rated 8.3/10 on the CVSS scale. OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | >= 2026.2.22, < 2026.2.24 |
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2026-31998?
How severe is CVE-2026-31998?
How do I fix CVE-2026-31998?
Are you affected by CVE-2026-31998?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST