CVE-2026-32302
Received Received - Intake
WebSocket Origin Bypass in OpenClaw Enables Privileged Access

Publication date: 2026-03-13

Last updated on: 2026-03-24

Assigner: GitHub, Inc.

Description
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32302
EUVD
EUVD-2026-11717
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-346 The product does not properly verify that the source of data or communication is valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-32302 is a security vulnerability in the OpenClaw personal AI assistant's gateway WebSocket component when configured in trusted-proxy mode. Before the fix in version 2026.3.11, browser-originated WebSocket connections could bypass origin validation if proxy headers were present. This meant that a malicious web page served from an untrusted origin could connect through a trusted reverse proxy, inherit the proxy-authenticated identity, and establish a privileged operator session. Essentially, the system failed to properly verify the origin of WebSocket requests when proxy headers existed, allowing unauthorized access to privileged functions."}, {'type': 'paragraph', 'content': 'The vulnerability arises because the WebSocket handshake logic exempted requests with proxy headers from the usual origin checks, enabling cross-site WebSocket hijacking attacks. The fix enforces strict browser origin validation on all browser-originated WebSocket connections regardless of proxy headers, preventing untrusted origins from gaining elevated privileges.'}] [1, 2, 3]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can allow an attacker to cause a victim's browser to load a malicious page that establishes a WebSocket connection to the OpenClaw Gateway endpoint behind a trusted reverse proxy. By bypassing origin validation, the attacker can inherit the proxy-authenticated identity and gain unauthorized operator-level access."}, {'type': 'list_item', 'content': 'The attacker can invoke privileged Gateway methods such as operator.admin and config.get.'}, {'type': 'list_item', 'content': 'Sensitive configuration data and other privileged reads or mutations accessible to operator-class callers could be exposed or manipulated.'}, {'type': 'paragraph', 'content': 'This can lead to a high confidentiality and integrity impact, as unauthorized users gain elevated privileges without proper authentication.'}] [3]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves browser-originated WebSocket connections bypassing origin validation when the gateway is configured in trusted-proxy mode and proxy headers are present.'}, {'type': 'paragraph', 'content': 'To detect exploitation attempts or presence of this vulnerability, you should monitor WebSocket connection requests to the OpenClaw Gateway, especially those arriving with proxy headers and originating from untrusted origins.'}, {'type': 'paragraph', 'content': 'Look for WebSocket handshake requests that include an Origin header from untrusted domains combined with proxy headers indicating trusted-proxy mode.'}, {'type': 'paragraph', 'content': 'Commands to help detect such activity could include network traffic inspection tools like tcpdump or Wireshark to filter WebSocket handshake traffic, for example:'}, {'type': 'list_item', 'content': "tcpdump -i <interface> -A -s 0 'tcp port <gateway_websocket_port> and (((tcp[((tcp[12] & 0xf0) >> 2):4]) = 0x47455420))'"}, {'type': 'list_item', 'content': 'Use grep or similar tools on gateway logs to search for WebSocket handshake requests with suspicious Origin headers and proxy headers.'}, {'type': 'paragraph', 'content': 'Additionally, review gateway logs for operator.admin session creations originating from unexpected or untrusted origins.'}] [2, 3]

Mitigation Strategies

The primary and recommended mitigation is to upgrade OpenClaw to version 2026.3.11 or later, which includes the fix enforcing strict browser origin validation on all browser-originated WebSocket connections regardless of proxy headers.

If an immediate upgrade is not possible, you should:

  • Avoid exposing browser-reachable Gateway WebSocket endpoints in trusted-proxy mode to untrusted origins.
  • Restrict reverse proxy and browser access to the Gateway to trusted origins only.

These steps help prevent untrusted origins from exploiting the bypass in origin validation and gaining privileged operator sessions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32302. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart