GHSA-v3qc-wrwx-j3pw: OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`
Severity: high
Type: vulnerability
Tags: LLM-Specific, security
Source: GitHub Advisory Database
Published: April 2, 2026
Summary
OpenClaw, an LLM agent framework, had a vulnerability in which the AI agent could bypass its own approval controls: by issuing a `config.patch` command (the mechanism for modifying the framework's settings), the agent could silently disable the requirement that command execution be approved. As a result, the agent could potentially perform restricted actions without a human ever granting permission.
Solution / Mitigation
The vulnerability was fixed in commit 76411b2afc4ae721e36c12e0ea24fd23e2fed61e on 2026-03-27 and released in version 2026.3.28. Users should update to OpenClaw version 2026.3.28 or later.
Classification
Attack Sophistication: Moderate
Impact (CIA+S): integrity, safety
AI Component Targeted: Agent
Affected Vendors
Affected Packages
openclaw@<= 2026.3.24 (fixed: 2026.3.28)
Original source: https://github.com/advisories/GHSA-v3qc-wrwx-j3pw
First tracked: April 3, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 85%