CVE-2026-28472
Authentication Bypass in OpenClaw Gateway WebSocket Handshake
Publication date: 2026-03-05
Last updated on: 2026-03-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.2.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions prior to 2026.2.2 and affects the gateway WebSocket connect handshake process.
Specifically, it allows attackers to bypass device identity checks when an auth.token is present but not properly validated.
As a result, attackers can connect to the gateway without providing device identity or pairing by exploiting the presence check instead of actual validation.
This can potentially grant them operator access in vulnerable deployments.
How can this vulnerability impact me? :
The vulnerability can allow unauthorized attackers to gain operator-level access to the gateway.
This means attackers could potentially control or manipulate the device or system that relies on the OpenClaw gateway.
Such unauthorized access could lead to data breaches, disruption of services, or further exploitation within the affected environment.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know