CVE-2026-3690
Received Received - Intake
Authentication Bypass in OpenClaw Canvas Allows Remote Access

Publication date: 2026-04-11

Last updated on: 2026-04-27

Assigner: Zero Day Initiative

Description
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-11
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3690
EUVD
EUVD-2026-21622
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.19 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-291 The product uses an IP address for authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-3690 is an authentication bypass vulnerability in OpenClaw's Canvas feature. It arises from an improper implementation of the authentication function for canvas endpoints, specifically due to an IP-based fallback authentication mechanism.

When a WebSocket client authenticates from a private IP address, all subsequent HTTP requests from that same IP are granted access to canvas endpoints without requiring their own authentication tokens. This means an attacker sharing the same IP address as an authenticated client can bypass authentication and gain full access to these endpoints without credentials.

The root cause is that the system checks if any connected WebSocket client has the same IP as the HTTP request but does not verify if the HTTP request belongs to the same user, session, or browser, leading to unauthorized access.

Impact Analysis

This vulnerability allows unauthenticated attackers who share the same IP address as an authenticated WebSocket client to gain full access to OpenClaw's canvas endpoints without credentials.

  • Authentication Bypass: Attackers can bypass authentication controls.
  • Information Disclosure: Attackers can access sensitive data rendered in the A2UI interface, the canvas HTML/JS application, and the WebSocket upgrade endpoint.
  • Scope of Impact: Affects all network-exposed OpenClaw deployments where clients share IP addresses, such as corporate NATs, VPNs, Kubernetes clusters, or Docker host-mode networking.

No credentials or user interaction are required to exploit this vulnerability; only network adjacency (sharing the same IP) is necessary.

Detection Guidance

This vulnerability can be detected by monitoring access to the OpenClaw canvas endpoints, specifically the paths /__openclaw__/a2ui/, /__openclaw__/canvas/, and /__openclaw__/ws. Detection involves checking if unauthenticated HTTP requests from IP addresses that have an authenticated WebSocket session are granted access without proper authentication tokens.

A practical approach is to analyze network traffic or server logs for HTTP requests to these canvas endpoints that do not include authentication tokens but still receive successful responses (HTTP 200).

Suggested commands include using tools like curl or wget to test access from the same IP address without authentication tokens, for example:

  • curl -i http://<openclaw-host>/__openclaw__/canvas/ - without authentication token
  • curl -i http://<openclaw-host>/__openclaw__/a2ui/ - without authentication token
  • curl -i http://<openclaw-host>/__openclaw__/ws - without authentication token

If these requests return HTTP 200 responses without valid authentication tokens, it indicates the presence of the vulnerability.

Mitigation Strategies

The immediate mitigation step is to update OpenClaw to version 2026.2.19 or later, where the vulnerability has been patched by removing or strengthening the IP-based fallback authentication mechanism for canvas endpoints.

Until the update can be applied, restrict network environments where multiple clients share the same IP address (such as NAT, VPNs, Kubernetes clusters, or Docker host-mode networking) to limit exposure.

Additionally, monitor and restrict access to the canvas endpoints (/__openclaw__/a2ui/, /__openclaw__/canvas/, /__openclaw__/ws) to trusted IP addresses or networks where possible.

Consider deploying intrusion prevention systems or zero-day protection technologies provided by Trend Micro’s Zero Day Initiative until patches are applied.

Compliance Impact

The vulnerability allows remote attackers to bypass authentication and gain unauthorized access to sensitive data rendered in the OpenClaw Canvas endpoints. This unauthorized access can lead to information disclosure and compromise of confidentiality and integrity.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

Specifically, the authentication bypass undermines the security controls necessary to protect personal and sensitive information, increasing the risk of non-compliance with data protection and privacy regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3690. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart