{"data":{"id":"e7a4f833-8ca3-4962-bfe3-34cfe5f9b205","title":"GHSA-68f8-9mhj-h2mp: OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope","summary":"OpenClaw has a security inconsistency where the HTTP endpoint `/v1/models` (which serves OpenAI-compatible requests) accepts bearer authentication but doesn't check operator scopes (permissions that control what actions a user can perform), while the WebSocket RPC path correctly requires the `operator.read` scope. This means someone with only `operator.approvals` permission can bypass the scope requirement and view model metadata through the HTTP route, even though they would be rejected over WebSocket.","solution":"Fixed in OpenClaw 2026.3.24, the current shipping release. The patch involves: (1) enforcing read scope on `/v1/models` routes before serving the endpoint, (2) reusing the centralized scope-authorization helper function (`authorizeOperatorScopesForMethod(...)`) that WebSocket already uses for HTTP compatibility endpoints to prevent policy drift, and (3) adding regression tests to verify that `operator.approvals` without read is rejected on HTTP `/v1/models` while `operator.read` is accepted on both WebSocket and HTTP.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-68f8-9mhj-h2mp","publishedAt":"2026-03-30T18:41:15.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":["openclaw@<= 2026.3.23 (fixed: 2026.3.24)"],"affectedVendors":[],"affectedVendorsRaw":["OpenClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-03-30T18:41:15.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}