CVE Reports

Originally published at cvereports.com
GHSA-48VW-M3QC-WR99: Improper Privilege Management in OpenClaw Gateway Trusted-Proxy Sessions

Vulnerability ID: GHSA-48VW-M3QC-WR99
CVSS Score: 9.8
Published: 2026-03-26

The OpenClaw gateway contains a privilege escalation vulnerability in its WebSocket connection logic when configured for trusted-proxy authentication. Client sessions claiming to be the Control UI over a trusted proxy connection retain self-declared administrative scopes without requiring a bound cryptographic device identity. This flaw permits an attacker capable of routing requests through the proxy to attain full administrative access to the gateway.

TL;DR

A flaw in OpenClaw's WebSocket handler allows an attacker to bypass scope scrubbing by spoofing the Control UI client ID over a trusted proxy connection, resulting in unauthenticated administrative access.


⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Type: Improper Privilege Management
  • CWE ID: CWE-269, CWE-287
  • CVSS Score: 9.8 (Critical)
  • Attack Vector: Network
  • Authentication Required: None
  • Exploit Status: Proof of Concept Available
  • Affected Component: WebSocket Message Handler

Affected Systems

  • OpenClaw Gateway component
  • OpenClaw: < 2026.3.17 (Fixed in: 2026.3.17)

Code Analysis

Commit: ccf16cd

Fix: Scrub unbound scopes for trusted proxy auth connections
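The following is an added illustrative model of the flaw and of the fix described above; it is not OpenClaw's code. The `Connection` fields, the `PRIVILEGED_SCOPES` set and the function names are assumptions chosen to mirror the advisory's wording (trusted-proxy auth, a self-declared "control-ui" client id, the operator.admin scope, a bound cryptographic device identity). It places the pre-fix scope resolution beside the scrubbing behaviour the fix commit introduces.

```python
"""Model of the scope-scrubbing flaw and its fix as described in GHSA-48VW-M3QC-WR99.

Added example, not OpenClaw's code: the Connection fields, the scope set and the
function names are assumptions chosen to mirror the advisory's wording.
"""
from dataclasses import dataclass
from typing import Optional, Set

CONTROL_UI_CLIENT_ID = "control-ui"        # client id named in the advisory
PRIVILEGED_SCOPES = {"operator.admin"}     # assumption: scopes that require a bound device


@dataclass
class Connection:
    auth_mode: str                         # e.g. "trusted-proxy" or "token"
    client_id: str                         # self-declared in the WebSocket connect message
    requested_scopes: Set[str]             # self-declared by the client
    device_id: Optional[str] = None        # set only after a device pairing completed
    device_signature_ok: bool = False      # result of verifying the device's signature


def has_bound_device(conn: Connection) -> bool:
    """A device identity counts as bound only if it is present and verified."""
    return conn.device_id is not None and conn.device_signature_ok


def scrub_unbound_scopes(conn: Connection) -> Set[str]:
    """Drop privileged scopes unless a cryptographic device identity is bound."""
    if has_bound_device(conn):
        return set(conn.requested_scopes)
    return {s for s in conn.requested_scopes if s not in PRIVILEGED_SCOPES}


def resolve_scopes_vulnerable(conn: Connection) -> Set[str]:
    """Pre-fix logic as the advisory describes it: a trusted-proxy session that
    claims the Control UI client id keeps whatever scopes it declared."""
    if conn.auth_mode == "trusted-proxy" and conn.client_id == CONTROL_UI_CLIENT_ID:
        return set(conn.requested_scopes)   # device binding is never checked here
    return scrub_unbound_scopes(conn)


def resolve_scopes_fixed(conn: Connection) -> Set[str]:
    """Post-fix logic (commit ccf16cd, "Scrub unbound scopes for trusted proxy
    auth connections"): the client id no longer exempts a session from scrubbing."""
    return scrub_unbound_scopes(conn)


if __name__ == "__main__":
    # Constructed session: trusted proxy, claims control-ui, no paired device.
    unbound = Connection("trusted-proxy", CONTROL_UI_CLIENT_ID,
                         {"operator.admin", "operator.read"})
    print("vulnerable:", sorted(resolve_scopes_vulnerable(unbound)))
    print("fixed:     ", sorted(resolve_scopes_fixed(unbound)))
    # A genuinely paired Control UI session keeps its admin scope after the fix.
    paired = Connection("trusted-proxy", CONTROL_UI_CLIENT_ID, {"operator.admin"},
                        device_id="dev-constructed", device_signature_ok=True)
    print("paired:    ", sorted(resolve_scopes_fixed(paired)))
```

The design point is that the privileged scope set is gated on a verified device binding and nothing else; a string the client sends (its client id) is never a reason to skip that gate.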

Exploit Details

  • Regression Test PoC: Demonstrates forging the control-ui client ID and operator.admin scope over a mocked trusted proxy connection.

Mitigation Strategies

  • Upgrade OpenClaw gateway software to version 2026.3.17 or later.
  • Enforce strict header sanitization on all reverse proxies handling trusted-proxy authentication.
  • Restrict the gateway.controlUi.allowedOrigins parameter to specific administrative domains.
  • Monitor WebSocket logs for anomalous control-ui client connections lacking device pairing events.
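As an added example of the monitoring bullet above (not tooling from the OpenClaw project), the script below scans JSON-lines gateway logs for control-ui connections over trusted-proxy auth whose session never recorded a device pairing event. The log format, event names and field names are assumptions, and the sample lines are constructed; adapt the parsing to the real gateway log schema.

```python
"""Detection sketch for GHSA-48VW-M3QC-WR99: flag control-ui sessions over
trusted-proxy auth with no device pairing event.

Added example, not OpenClaw tooling. Event and field names are assumptions;
the sample log below is constructed.
"""
import json
from typing import List, Set

# Constructed sample log (JSON lines). Session s1 paired a device before
# connecting; session s2 claims control-ui over the proxy with no pairing.
SAMPLE_LOG = """\
{"ts":"2026-03-26T10:00:01Z","event":"device.paired","session":"s1","device_id":"dev-a1"}
{"ts":"2026-03-26T10:00:02Z","event":"ws.connect","session":"s1","client_id":"control-ui","auth":"trusted-proxy","scopes":["operator.admin"]}
{"ts":"2026-03-26T10:05:00Z","event":"ws.connect","session":"s2","client_id":"control-ui","auth":"trusted-proxy","scopes":["operator.admin"]}
{"ts":"2026-03-26T10:06:00Z","event":"ws.connect","session":"s3","client_id":"cli","auth":"token","scopes":["operator.read"]}
"""


def find_unpaired_control_ui_sessions(log_text: str) -> List[str]:
    """Return session ids that connected as control-ui via trusted-proxy auth
    without a preceding device.paired event for the same session."""
    paired: Set[str] = set()
    flagged: List[str] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event") == "device.paired":
            paired.add(ev["session"])
        elif ev.get("event") == "ws.connect":
            is_control_ui = ev.get("client_id") == "control-ui"
            via_proxy = ev.get("auth") == "trusted-proxy"
            if is_control_ui and via_proxy and ev["session"] not in paired:
                flagged.append(ev["session"])
    return flagged


if __name__ == "__main__":
    for session in find_unpaired_control_ui_sessions(SAMPLE_LOG):
        print(f"ALERT: control-ui session {session} over trusted proxy without device pairing")
```

The check assumes pairing is logged before the connect for the same session id, which holds for a chronological log; for a rolling window, keep the paired set across files or seed it from the gateway's device store.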

Remediation Steps:

  1. Identify all deployed instances of the OpenClaw gateway.
  2. Determine if the instances utilize trusted-proxy authentication configurations.
  3. Pull the updated Docker image or binary for OpenClaw >= 2026.3.17.
  4. Deploy the updated software and restart the gateway services.
  5. Verify that the patch was applied by monitoring the gateway service logs for stable operation.
  6. Review reverse proxy configurations to ensure that inbound X-Forwarded-* headers from untrusted sources are stripped before requests reach the gateway.
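The header-stripping rule in the last step, as an added example rather than any project's code: forwarding headers are kept only when the immediate peer is a known proxy, and the actual peer address is always appended so the gateway never sees a client-chosen value alone. The trusted network range and the header names beyond X-Forwarded-For are assumptions.

```python
"""Reverse-proxy boundary rule for X-Forwarded-* headers.

Added example, not OpenClaw or any proxy's code. TRUSTED_PROXIES is an assumed
internal range; the X-Forwarded-User header is an assumed identity header.
"""
from ipaddress import ip_address, ip_network
from typing import Dict, List

TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]   # assumption: the internal proxy tier


def is_trusted_peer(peer_ip: str) -> bool:
    """True if the direct TCP peer is one of our own proxies."""
    addr = ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def canonical(name: str) -> str:
    """Normalise header-name case so lookups are exact ("x-forwarded-for" -> "X-Forwarded-For")."""
    return "-".join(part.capitalize() for part in name.split("-"))


def sanitize_forwarded_headers(headers: Dict[str, str], peer_ip: str) -> Dict[str, str]:
    """Drop Forwarded and X-Forwarded-* headers from untrusted peers, then
    append the real peer address to X-Forwarded-For."""
    trusted = is_trusted_peer(peer_ip)
    out: Dict[str, str] = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname == "forwarded" or lname.startswith("x-forwarded-"):
            if not trusted:
                continue                       # client-supplied forwarding header: discard
            out[canonical(name)] = value       # trusted upstream hop: keep, normalised
        else:
            out[name] = value
    # Rebuild the chain: only a trusted hop's chain is carried forward.
    chain: List[str] = []
    if trusted:
        chain = [v.strip() for v in out.pop("X-Forwarded-For", "").split(",") if v.strip()]
    chain.append(peer_ip)
    out["X-Forwarded-For"] = ", ".join(chain)
    return out


if __name__ == "__main__":
    # Constructed: an external client sends forged forwarding headers.
    print(sanitize_forwarded_headers(
        {"Host": "gw", "X-Forwarded-For": "203.0.113.5", "X-Forwarded-User": "admin"},
        "198.51.100.7"))
    # Constructed: an internal proxy passes a legitimate chain.
    print(sanitize_forwarded_headers(
        {"Host": "gw", "X-Forwarded-For": "203.0.113.5"}, "10.1.2.3"))
```

Most reverse proxies can express this natively; in nginx, for instance, `proxy_set_header X-Forwarded-For $remote_addr;` replaces whatever the client sent with the real peer address. The function makes the rule explicit so it can be unit-tested against the header names the gateway actually trusts.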
