Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-32897 is a vulnerability in OpenClaw versions prior to 2026.2.22 where the system reuses the gateway authentication token as a fallback secret for hashing owner-ID prompts when certain configurations are set (commands.ownerDisplay set to "hash" and commands.ownerDisplaySecret unset). This reuse causes the authentication token to be used across different security domains, which is insecure.'}, {'type': 'paragraph', 'content': "Attackers who have access to system prompts sent to third-party model providers can analyze the hash outputs and derive the gateway authentication token, thereby compromising the gateway's authentication security."}, {'type': 'paragraph', 'content': 'The vulnerability arises from a key management error (CWE-320) and was fixed by introducing a dedicated owner display secret that is auto-generated and persisted, isolating it from the gateway authentication tokens.'}] [1, 2, 3]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to the compromise of the gateway authentication token if an attacker gains access to system prompts sent to third-party model providers.

With the gateway authentication token exposed, attackers could potentially bypass authentication controls, leading to unauthorized access to the gateway.

The risk is higher if weak gateway tokens are used and no dedicated owner display secret is set, increasing the likelihood that the token can be derived from hash outputs.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability arises when OpenClaw is configured with commands.ownerDisplay set to "hash" and commands.ownerDisplaySecret unset, causing reuse of gateway authentication tokens as hash secrets.'}, {'type': 'paragraph', 'content': 'To detect this vulnerability on your system, you should check the OpenClaw configuration for these specific settings.'}, {'type': 'list_item', 'content': 'Inspect the OpenClaw configuration file or environment variables to verify if commands.ownerDisplay is set to "hash".'}, {'type': 'list_item', 'content': 'Check if commands.ownerDisplaySecret is unset or empty.'}, {'type': 'list_item', 'content': 'If both conditions are met, your system is vulnerable to this issue.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves exposure of hash outputs to third-party model providers, monitoring network traffic for such prompts or hash outputs may help detect exploitation attempts, but no specific detection commands are provided.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability was fixed in OpenClaw version 2026.2.22 by removing the fallback reuse of gateway authentication tokens as owner-ID prompt hash secrets.

Immediate mitigation steps include:

• Upgrade OpenClaw to version 2026.2.22 or later where the fix is implemented.
• Ensure that the configuration sets commands.ownerDisplaySecret explicitly or allows the system to auto-generate and persist a dedicated owner display secret.
• Avoid using weak gateway authentication tokens to reduce risk.

These steps isolate the secrets used for prompt hashing from those used for gateway authentication, preventing token exposure.

Useful 0 Not Useful 0