CVE-2026-32057

HIGH

OpenClaw < 2026.2.25 - Authentication Bypass via Control UI client.id Parameter

Title source: cna

Description

OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui client identifier to skip pairing requirements and gain unauthorized access to node event execution flows.

References (3)

[Third Party Advisory] https://github.com/openclaw/openclaw/security/advisories/GHSA-vvgp-4c28-m3jm

[Patch] https://github.com/openclaw/openclaw/commit/ec45c317f5d0631a3d333b236da58c4749ede2a3

View Patch ZIP pw:eip

[Third Party Advisory] https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-control-ui-client-id-parameter

Scores

CVSS v3 7.1

EPSS 0.0011

EPSS Percentile 29.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Details

CWE

CWE-807

Status published

Products (4)

npm/openclaw 0 - 2026.2.25npm

OpenClaw/OpenClaw < 2026.2.25

openclaw/openclaw < 2026.2.25

OpenClaw/OpenClaw 2026.2.25

Published Mar 21, 2026

Tracked Since Mar 21, 2026