MEDIUM 5.5 npm
Duplicate Advisory: Focus command could miss controlScope enforcement
GHSA-gw2c-6hcg-5g52
Published · Modified
Description
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-mpc8-jxjh-qpgh. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.
Ready to move
Start Securing
Free, no credit card | First findings in minutes