CVE-2026-32025
Authentication Bypass in OpenClaw WebSocket Clients Enables Brute-Force
Publication date: 2026-03-19
Last updated on: 2026-03-23
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | all versions before 2026.2.25 (2026.2.25 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
AI Powered Q&A
Can you explain this vulnerability to me?
OpenClaw versions prior to 2026.2.25 have a security weakness in their browser-origin WebSocket clients. This weakness allows attackers to bypass origin checks and authentication throttling when the software is deployed on loopback interfaces.
An attacker can exploit this by tricking a user into opening a malicious webpage, which then performs password brute-force attacks against the OpenClaw gateway. If successful, the attacker can establish an authenticated operator session and gain the ability to invoke control-plane methods.
How can this vulnerability impact me?
This vulnerability can allow an attacker to bypass authentication protections and gain unauthorized access to the OpenClaw gateway.
Once authenticated, the attacker can invoke control-plane methods, potentially allowing them to control or manipulate the system in unauthorized ways.
This could lead to unauthorized operations, data compromise, or disruption of services managed by the OpenClaw gateway.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know