CVE-2026-3690
Received - Intake
Authentication Bypass in OpenClaw Canvas Allows Remote Access

Publication date: 2026-04-11

Last updated on: 2026-04-27

Assigner: Zero Day Initiative

Description
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311.
Meta Information
Published
2026-04-11
Last Modified
2026-04-27
Generated
2026-05-07
AI Q&A
2026-04-11
EPSS Evaluated
2026-05-05
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.2.19 (excluding 2026.2.19)
CWE-291: The product uses an IP address for authentication.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-3690 is an authentication bypass vulnerability in OpenClaw's Canvas feature. It arises from an improper implementation of the authentication function for canvas endpoints, specifically due to an IP-based fallback authentication mechanism.

When a WebSocket client authenticates from a private IP address, all subsequent HTTP requests from that same IP are granted access to canvas endpoints without requiring their own authentication tokens. This means an attacker sharing the same IP address as an authenticated client can bypass authentication and gain full access to these endpoints without credentials.

The root cause is that the system checks if any connected WebSocket client has the same IP as the HTTP request but does not verify if the HTTP request belongs to the same user, session, or browser, leading to unauthorized access.
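The check described above, side by side with a hardened version, as an added illustration written for this page; it is not OpenClaw's code, and the function names, token store and session registry are assumptions.

```javascript
// Added illustration of the IP-fallback flaw described above; all names
// and data structures here are assumptions, not OpenClaw's implementation.
const PRIVATE_IP = /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)/;

// Constructed sample credential store and WebSocket session registry.
const VALID_TOKENS = new Set(['tok-alice']);
const wsSessions = new Map(); // sessionId -> { ip, token }

function isValidToken(token) {
  return typeof token === 'string' && VALID_TOKENS.has(token);
}

function registerWsSession(sessionId, ip, token) {
  if (!isValidToken(token)) throw new Error('WebSocket auth failed');
  wsSessions.set(sessionId, { ip, token });
}

// Vulnerable pattern: a request with no token is accepted if any
// authenticated WebSocket client on a private IP has the same source IP.
// Nothing ties the request to that client's user, session or browser.
function canvasAuthVulnerable(req) {
  if (isValidToken(req.token)) return true;
  for (const s of wsSessions.values()) {
    if (s.ip === req.ip && PRIVATE_IP.test(s.ip)) return true;
  }
  return false;
}

// Hardened pattern: the request must carry its own credential, either a
// valid token or a session id bound to an authenticated WebSocket session
// (e.g. a cookie set for that browser). A shared IP grants nothing.
function canvasAuthFixed(req) {
  if (isValidToken(req.token)) return true;
  const s = req.sessionId ? wsSessions.get(req.sessionId) : undefined;
  return Boolean(s) && isValidToken(s.token);
}
```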


How can this vulnerability impact me?

This vulnerability allows unauthenticated attackers who share the same IP address as an authenticated WebSocket client to gain full access to OpenClaw's canvas endpoints without credentials.

  • Authentication Bypass: Attackers can bypass authentication controls.
  • Information Disclosure: Attackers can access sensitive data rendered in the A2UI interface, the canvas HTML/JS application, and the WebSocket upgrade endpoint.
  • Scope of Impact: Affects all network-exposed OpenClaw deployments where clients share IP addresses, such as corporate NATs, VPNs, Kubernetes clusters, or Docker host-mode networking.

No credentials or user interaction are required to exploit this vulnerability; only network adjacency (sharing the same IP) is necessary.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring access to the OpenClaw canvas endpoints, specifically the paths /__openclaw__/a2ui/, /__openclaw__/canvas/, and /__openclaw__/ws. Detection involves checking if unauthenticated HTTP requests from IP addresses that have an authenticated WebSocket session are granted access without proper authentication tokens.

A practical approach is to analyze network traffic or server logs for HTTP requests to these canvas endpoints that do not include authentication tokens but still receive successful responses (HTTP 200).

Suggested commands include using tools like curl or wget to test access from the same IP address without authentication tokens, for example:

  • curl -i http://<openclaw-host>/__openclaw__/canvas/ - without authentication token
  • curl -i http://<openclaw-host>/__openclaw__/a2ui/ - without authentication token
  • curl -i http://<openclaw-host>/__openclaw__/ws - without authentication token

If these requests return HTTP 200 responses without valid authentication tokens, it indicates the presence of the vulnerability.
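The log-based check described above, as an added example written for this page rather than taken from OpenClaw or the advisory. The JSON-lines log format, its field names and the sample records are constructed for the illustration; adapt the parser to your gateway's real access-log format.

```javascript
// Added detection example: flag successful, credential-less HTTP requests to
// canvas endpoints from an IP that already holds an authenticated WebSocket
// session. Log format and sample records are constructed, not OpenClaw's.
const CANVAS_PATHS = ['/__openclaw__/a2ui/', '/__openclaw__/canvas/', '/__openclaw__/ws'];

// Constructed sample log: one JSON record per line, in time order.
const SAMPLE_LOG = `
{"ts":"2026-04-11T10:00:00Z","kind":"ws_auth","ip":"10.1.2.3","session":"s1"}
{"ts":"2026-04-11T10:00:05Z","kind":"http","ip":"10.1.2.3","method":"GET","path":"/__openclaw__/canvas/","auth":false,"status":200}
{"ts":"2026-04-11T10:00:06Z","kind":"http","ip":"10.1.2.3","method":"GET","path":"/__openclaw__/a2ui/","auth":true,"status":200}
{"ts":"2026-04-11T10:00:07Z","kind":"http","ip":"10.9.9.9","method":"GET","path":"/__openclaw__/canvas/","auth":false,"status":401}
{"ts":"2026-04-11T10:00:08Z","kind":"http","ip":"10.1.2.3","method":"GET","path":"/healthz","auth":false,"status":200}
not-json garbage line
`;

function isCanvasPath(path) {
  return typeof path === 'string' && CANVAS_PATHS.some((p) => path.startsWith(p));
}

// Returns the HTTP records matching the bypass pattern: canvas path, no
// credential presented, 2xx response, source IP seen earlier in a ws_auth.
function findSuspectRequests(logText) {
  const wsIps = new Set();
  const hits = [];
  for (const line of logText.split('\n')) {
    if (!line.trim()) continue;
    let rec;
    try { rec = JSON.parse(line); } catch (e) { continue; } // skip malformed lines
    if (rec.kind === 'ws_auth') { wsIps.add(rec.ip); continue; }
    if (rec.kind !== 'http') continue;
    const success = rec.status >= 200 && rec.status < 300;
    if (isCanvasPath(rec.path) && rec.auth === false && success && wsIps.has(rec.ip)) {
      hits.push(rec);
    }
  }
  return hits;
}
```

A match is evidence that the IP fallback is active on the gateway; on a patched build the same request pattern should produce a 401 rather than a 2xx.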


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update OpenClaw to version 2026.2.19 or later, where the vulnerability has been patched by removing or strengthening the IP-based fallback authentication mechanism for canvas endpoints.

Until the update can be applied, restrict network environments where multiple clients share the same IP address (such as NAT, VPNs, Kubernetes clusters, or Docker host-mode networking) to limit exposure.

Additionally, monitor and restrict access to the canvas endpoints (/__openclaw__/a2ui/, /__openclaw__/canvas/, /__openclaw__/ws) to trusted IP addresses or networks where possible.

Consider deploying intrusion prevention systems or zero-day protection technologies provided by Trend Micro’s Zero Day Initiative until patches are applied.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows remote attackers to bypass authentication and gain unauthorized access to sensitive data rendered in the OpenClaw Canvas endpoints. This unauthorized access can lead to information disclosure and compromise of confidentiality and integrity.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

Specifically, the authentication bypass undermines the security controls necessary to protect personal and sensitive information, increasing the risk of non-compliance with data protection and privacy regulations.

