CVE-2026-31998
Published: 19 March 2026
Summary
CVE-2026-31998 is a high-severity Incorrect Authorization (CWE-863) vulnerability in OpenClaw. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 20.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): requires enforcement of approved authorizations, directly addressing the authorization bypass in the synology-chat plugin where an empty allowedUserIds list fails open.
- SI-2 (Flaw Remediation): mandates timely identification, reporting, and correction of flaws such as the fail-open authorization check in OpenClaw versions 2026.2.22 and 2026.2.23.
- AC-6 (Least Privilege): limits the damage from an authorization bypass by ensuring that Synology sender access grants only the least privilege necessary for its tasks.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authorization bypass in network-accessible synology-chat plugin directly enables remote exploitation of a public-facing application to perform unauthorized agent dispatch and tool actions.
NVD Description
OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent dispatch and downstream tool actions.
Deeper analysis
CVE-2026-31998 is an authorization bypass vulnerability (CWE-863) affecting OpenClaw versions 2026.2.22 and 2026.2.23, specifically in the synology-chat channel plugin. The issue arises when dmPolicy is configured as allowlist with an empty allowedUserIds list: instead of denying every sender, the authorization check fails open and permits all of them. The flaw has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L), indicating high severity because it is reachable over the network, has low attack complexity, and requires neither privileges nor user interaction.
Attackers who possess Synology sender access can exploit this vulnerability remotely without privileges or user interaction. By bypassing authorization checks, they can trigger unauthorized agent dispatch and execute downstream tool actions, potentially leading to limited confidentiality loss, high integrity impact, and limited availability disruption.
Mitigation details are available in official advisories and patch commits. The OpenClaw GitHub security advisory (GHSA-gw85-xp4q-5gp9) and VulnCheck advisory document the issue, while commits 0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5 and 7655c0cb3a47d0647cbbf5284e177f90b4b82ddb provide fixes to address the empty allowedUserIds failure mode in the synology-chat plugin. Security practitioners should update to patched versions beyond 2026.2.23.
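The fail-open pattern described above, and the fail-closed check plus startup validation that the fixes are meant to provide, as an added illustration. This is not OpenClaw's code: the config shape, the "open" policy value, the function names and the sample config are assumptions modelled only on the keys the advisory names (dmPolicy, allowedUserIds).

```typescript
// Hypothetical config shape; only dmPolicy and allowedUserIds come from the advisory.
type DmPolicy = "open" | "allowlist";

interface DmConfig {
  dmPolicy: DmPolicy;
  allowedUserIds?: string[];
}

// Vulnerable pattern: an allowlist with no entries is treated as "no restriction",
// so any sender who can reach the channel is dispatched to the agent.
function isSenderAllowedFailOpen(cfg: DmConfig, senderId: string): boolean {
  if (cfg.dmPolicy !== "allowlist") return true;
  const ids = cfg.allowedUserIds ?? [];
  if (ids.length === 0) return true; // fails open: empty list permits everyone
  return ids.includes(senderId);
}

// Hardened pattern: an allowlist policy with no entries denies every sender, and
// each denial is recorded so the misconfiguration is visible to operators.
function isSenderAllowedFailClosed(cfg: DmConfig, senderId: string, log: string[] = []): boolean {
  if (cfg.dmPolicy !== "allowlist") return true;
  const ids = cfg.allowedUserIds ?? [];
  if (ids.length === 0) {
    log.push(`deny sender=${senderId}: dmPolicy=allowlist but allowedUserIds is empty`);
    return false; // fail closed
  }
  const allowed = ids.includes(senderId);
  if (!allowed) log.push(`deny sender=${senderId}: not in allowedUserIds`);
  return allowed;
}

// Startup validation: reject the inconsistent state before any message is handled.
function validateDmConfig(cfg: DmConfig): string[] {
  const errors: string[] = [];
  if (cfg.dmPolicy === "allowlist" && (cfg.allowedUserIds ?? []).length === 0) {
    errors.push("dmPolicy=allowlist requires a non-empty allowedUserIds");
  }
  return errors;
}

// Constructed sample config reproducing the failure mode (not from the advisory).
const emptyAllowlist: DmConfig = { dmPolicy: "allowlist", allowedUserIds: [] };
```

With the constructed config, the fail-open check admits an unknown sender while the fail-closed check denies it and validateDmConfig reports the misconfiguration.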
Details
- CWE(s)