CVE-2026-44110 HIGH

CVE-2026-44110: OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

Vendor Openclaw
Product OpenClaw
Weakness CWE-863 · Incorrect authorization
Published May 6, 2026
Last update May 7, 2026
View on NVD All CVEs

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior.

Key dates

02Disclosure timeline

May 6, 2026 CVE published
May 7, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-41689 Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring CVE-2020-36623 Pengu index.js runApp cross-site request forgery CVE-2026-44380 MISP: Improper access control in auth key reset allows privilege escalation to site administrator CVE-2026-26973 Discourse doesn't scope reviewable notes to user-visible reviewables