DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-CJV3-M589-V3RX: Authorization Bypass in OpenClaw Gateway via Shared-IP Fallback

Vulnerability ID: GHSA-CJV3-M589-V3RX
CVSS Score: 8.1
Published: 2026-03-03

A high-severity authorization bypass vulnerability exists in the OpenClaw Gateway component due to an insecure shared-IP fallback mechanism. In versions prior to 2026.2.22, the system implicitly trusted HTTP requests to sensitive 'Canvas' and 'A2UI' routes if the requester's IP address matched that of an active, authenticated Node WebSocket connection. This flaw allows attackers sharing a network environment (e.g., NAT, VPN, or corporate LAN) with a legitimate node to impersonate that node and access internal interfaces without authentication. The vulnerability is further exacerbated by weak proxy header handling, allowing potential exploitation via IP spoofing.

TL;DR

OpenClaw Gateway improperly trusted requests sharing an IP with authenticated nodes. Attackers on the same NAT/VPN or capable of IP spoofing could bypass auth to access sensitive AI interfaces.

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-290
  • Attack Vector: Network
  • CVSS v3.1: 8.1 (High)
  • Privileges Required: None
  • Impact: Confidentiality & Integrity
  • Exploit Status: PoC Available

Affected Systems

  • OpenClaw Gateway
  • openclaw: < 2026.2.22 (Fixed in: 2026.2.22)

Code Analysis

Commit: c45f3c5

Implementation of capability tokens and removal of IP fallback

Refactor authorizeCanvasRequest to require capability tokens

Commit: 08a7967

Harden resolveGatewayClientIp to fail closed on untrusted proxies

Improve proxy header validation logic

Mitigation Strategies

  • Upgrade to version 2026.2.22 or later immediately.
  • Implement strict network segmentation to isolate Gateway traffic.
  • Configure reverse proxies to strip client-supplied X-Forwarded-For headers.

Remediation Steps:

  1. Pull the latest Docker image or update the npm package: npm install openclaw@latest.
  2. Verify the version is >= 2026.2.22.
  3. Review config.trustedProxies settings in the OpenClaw configuration file.
  4. Restart the OpenClaw Gateway service.

Read the full report for GHSA-CJV3-M589-V3RX on our website for more details including interactive diagrams and full exploit analysis.
