DEV Community

CVE Reports

Originally published at cvereports.com

GHSA-V6X2-2QVM-6GV8: Critical Token Leak via Insecure Hashing Fallback in OpenClaw

Vulnerability ID: GHSA-V6X2-2QVM-6GV8
CVSS Score: 9.8
Published: 2026-03-03

A critical vulnerability in OpenClaw allows recovery of high-privilege gateway authentication tokens because of an insecure fallback in the privacy-preservation logic. When anonymizing owner identifiers for prompts sent to external LLM providers, the system uses the sensitive gateway.auth.token as the hashing salt whenever no dedicated display secret is configured. Hashes derived from the authentication token are therefore transmitted to third-party providers, and anyone with access to those prompts or the provider's logs can mount an offline brute-force attack against the token. The attack is practical only against low-entropy or guessable tokens, but an attacker who recovers one holds the administrative credential for the gateway.

TL;DR

OpenClaw reuses the primary gateway authentication token as the salt when hashing user IDs sent to LLM providers. An attacker with access to the provider's logs can brute-force those hashes offline to recover the admin token and gain full control of the AI assistant. Fixed in version 2026.2.22.


⚠️ Exploit Status: PoC available

Technical Details

  • CWE ID: CWE-1204 (Weak Salt)
  • CVSS v3.1: 9.8 (Critical)
  • Attack Vector: Network
  • Impact: Credential Exposure / RCE
  • Exploit Status: PoC available
  • Patch Date: 2026-02-22

Affected Systems

  • OpenClaw Gateway (CLI Runner)
  • OpenClaw Embedded Runners
  • OpenClaw < 2026.2.22 (fixed in 2026.2.22)

Code Analysis

Commit: c99e769

fix: decouple ownerDisplaySecret from auth tokens

Mitigation Strategies

  • Upgrade to version 2026.2.22 or later immediately.
  • Rotate all gateway authentication tokens.
  • Explicitly configure display secrets.

Remediation Steps:

  1. Update software: pull the latest version of OpenClaw (tag v2026.2.22 or later) and verify the installation.
  2. Rotate tokens (CRITICAL): because hashes derived from the previous tokens may already sit in external logs, you MUST regenerate gateway.auth.token and gateway.remote.token. Patching the code does not invalidate credentials that have already leaked.
  3. Verify configuration: check your openclaw.json or config.yaml and ensure that commands.ownerDisplaySecret is set to a unique, high-entropy string if you are using ownerDisplay: "hash".
  4. Audit logs: review the OpenClaw gateway access logs for unrecognized IP addresses or unusual command execution times prior to the patch.

References


Read the full report for GHSA-V6X2-2QVM-6GV8 on our website for more details including interactive diagrams and full exploit analysis.
