New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
MEDIUM 5.5 npm

Duplicate Advisory: Focus command could miss controlScope enforcement

GHSA-gw2c-6hcg-5g52

Published · Modified

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-mpc8-jxjh-qpgh. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority, potentially enabling unauthorized operations depending on gateway configuration and input trust levels.

Ready to move

Start Securing

Free, no credit card | First findings in minutes