GHSA-rv2q-f2h5-6xmg: Node Role Device Identity Bypass in OpenClaw
Vulnerability ID: GHSA-RV2Q-F2H5-6XMG
CVSS Score: Critical
Published: 2026-03-03
OpenClaw, an open-source AI assistant infrastructure, contains a critical authorization bypass vulnerability within its WebSocket gateway. The flaw exists in the device-identity validation logic for the node role. Specifically, the system incorrectly permitted clients possessing a valid shared gateway token to bypass device pairing requirements, regardless of the requested role. This allowed unauthorized actors to impersonate processing nodes and inject node.event messages, potentially triggering arbitrary AI agent execution and voice processing flows.
TL;DR
A logic error in OpenClaw's WebSocket handshake allows attackers with a shared gateway token to bypass device authentication. By impersonating a 'Node' role without a paired device, attackers can inject events that control AI agents.
⚠️ Exploit Status: POC
Technical Details
- Attack Vector: Network (WebSocket)
- Authentication: Required (Shared Token)
- Privileges Required: Low (Gateway Token)
- CWE ID: CWE-863
- Impact: Integrity & Confidentiality
- Exploit Status: PoC Available
Affected Systems
- OpenClaw Gateway
- OpenClaw WebSocket Interface
- OpenClaw: < Commit ddcb2d79 (Fixed in: Commit ddcb2d79)
Code Analysis
Commit: ddcb2d7
fix: node device check bypass
Mitigation Strategies
- Update OpenClaw to the latest commit including the fix.
- Rotate the shared gateway token to invalidate potentially compromised credentials.
- Implement strict network ACLs for WebSocket access if the gateway should not be public.
Remediation Steps:
- Navigate to the src/gateway/server/ws-connection/ directory.
- Locate message-handler.ts.
- Verify that the canSkipDevice logic checks for role === 'operator'.
- Rebuild and restart the gateway service.
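As an added illustration that is not OpenClaw's own code, the following TypeScript models the check the remediation step refers to: the pre-fix canSkipDevice that trusts the shared gateway token alone, beside the fixed version that lets only the operator role skip device pairing. The type names, the token value and the acceptHandshake wrapper are assumptions made for this example.

```typescript
// Added example (not OpenClaw's code). Models the node-role device-identity
// check described in GHSA-rv2q-f2h5-6xmg; all names and values are assumptions.
type Role = "operator" | "node";

interface ConnectParams {
  role: Role;
  token?: string;                             // shared gateway token
  device?: { id: string; paired: boolean };   // device identity, if presented
}

// Constructed sample token; a real gateway would load this from its config.
const SHARED_GATEWAY_TOKEN = "constructed-shared-token";

function hasValidSharedToken(p: ConnectParams): boolean {
  return p.token === SHARED_GATEWAY_TOKEN;
}

// Before the fix: any holder of the shared token may skip device pairing,
// regardless of the requested role (the CWE-863 bug in the advisory).
function canSkipDeviceVulnerable(p: ConnectParams): boolean {
  return hasValidSharedToken(p);
}

// After the fix: only the operator role may rely on the shared token alone;
// a node must always present a paired device identity.
function canSkipDeviceFixed(p: ConnectParams): boolean {
  return p.role === "operator" && hasValidSharedToken(p);
}

// Handshake decision: reject without a valid token, then either skip the
// device check (per the supplied policy) or require a paired device.
function acceptHandshake(
  p: ConnectParams,
  canSkipDevice: (p: ConnectParams) => boolean,
): boolean {
  if (!hasValidSharedToken(p)) return false;
  if (canSkipDevice(p)) return true;
  return p.device !== undefined && p.device.paired;
}
```

With the vulnerable policy a node connection carrying only the shared token is accepted; with the fixed policy it is rejected until a paired device identity is presented.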
References
Read the full report for GHSA-RV2Q-F2H5-6XMG on our website for more details including interactive diagrams and full exploit analysis.