Duplicate Advisory: OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens
High severity
GitHub Reviewed
Published
May 6, 2026
to the GitHub Advisory Database
•
Updated May 11, 2026
Withdrawn
This advisory was withdrawn on May 11, 2026
Description
Published by the National Vulnerability Database
May 6, 2026
Published to the GitHub Advisory Database
May 6, 2026
Reviewed
May 11, 2026
Withdrawn
May 11, 2026
Last updated
May 11, 2026
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-r6xh-pqhr-v4xh. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata.
References