CVE-2026-32970
Severity: LOW
OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs
Title source: cnaDescription
OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers can exploit misconfigured local auth references to cause CLI and helper paths to select incorrect credential sources, potentially bypassing intended local authentication boundaries.
References (2)
Third Party Advisory: GitHub Security Advisory (GHSA-qvr7-g57c-mrc7)
https://github.com/openclaw/openclaw/security/advisories/GHSA-qvr7-g57c-mrc7
Third Party Advisory: VulnCheck Advisory: OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs
https://www.vulncheck.com/advisories/openclaw-credential-fallback-logic-bypass-via-unavailable-local-auth-secretrefs
Scores
CVSS v3: 2.5
EPSS: 0.0002
EPSS Percentile: 5.8%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-636
Status: published
Products (4)
npm/openclaw (npm): 0 - 2026.3.11
OpenClaw/OpenClaw: < 2026.3.11
openclaw/openclaw: < 2026.3.11
OpenClaw/OpenClaw: 2026.3.11
Published: Mar 31, 2026
Tracked Since: Mar 31, 2026