
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-V865-P3GQ-HW6M: Path Canonicalization Bypass in OpenClaw Gateway

Vulnerability ID: GHSA-V865-P3GQ-HW6M
CVSS Score: 6.5
Published: 2026-03-03

A path-based authentication bypass vulnerability exists in the OpenClaw AI Gateway due to insufficient URL decoding depth. Attackers can bypass the Policy Enforcement Point (PEP) by using multi-encoded path separators (e.g., %252f), allowing unauthorized access to sensitive plugin routes.

TL;DR

OpenClaw versions prior to 2026.3.2 contain a logic flaw in the gateway's request path canonicalization. By using deeply nested URL encoding, an attacker can mask protected routes from the security filter while the downstream router correctly resolves them, granting unauthenticated access to internal APIs.
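As an added example (not OpenClaw's own code), the TypeScript below models the mismatch described above: a policy check that decodes the request path a bounded number of times (the role of MAX_PATH_DECODE_PASSES) in front of a router that decodes to a fixed point, plus the fail-closed variant that rejects any path still carrying percent-encoding after the last pass. The `/plugins/` prefix, the helper names and the sample route are assumptions.

```typescript
// Added example, not OpenClaw's code. Models a PEP that decodes the path at most
// `maxPasses` times and a router that decodes until nothing changes.
const PROTECTED_PREFIX = "/plugins/"; // assumed prefix of the protected plugin routes

// Decode repeatedly, stopping at a fixed point or after `maxPasses` passes.
// Returns null (reject) on a malformed escape, or, when failClosed is set, when
// percent-encoding still survives after the budget is spent.
function canonicalizePath(path: string, maxPasses: number, failClosed: boolean): string | null {
  let current = path;
  for (let i = 0; i < maxPasses; i++) {
    let decoded: string;
    try {
      decoded = decodeURIComponent(current);
    } catch {
      return null; // malformed sequence such as a lone "%2": never forward it
    }
    if (decoded === current) return current; // nothing left to decode
    current = decoded;
  }
  const stillEncoded = /%[0-9a-f]{2}/i.test(current);
  return stillEncoded && failClosed ? null : current;
}

// Wraps `path` in `layers` levels of encoding: "/" becomes "%2f", then each
// further layer re-encodes "%" as "%25". Constructed test input only.
function nestEncode(path: string, layers: number): string {
  let out = path.replace(/\//g, "%2f");
  for (let i = 1; i < layers; i++) out = out.replace(/%/g, "%25");
  return out;
}

type Outcome = "blocked" | "protected-reached" | "public";

// The PEP runs first with its own decode budget; the router then resolves the
// path fully (64 passes exceeds any realistic nesting, and it fails closed).
function simulateRequest(rawPath: string, pepPasses: number, pepFailClosed: boolean): Outcome {
  const seenByPep = canonicalizePath(rawPath, pepPasses, pepFailClosed);
  if (seenByPep === null || seenByPep.startsWith(PROTECTED_PREFIX)) return "blocked";
  const resolved = canonicalizePath(rawPath, 64, true);
  if (resolved === null) return "blocked";
  return resolved.startsWith(PROTECTED_PREFIX) ? "protected-reached" : "public";
}

// Five layers of encoding slip past a 3-pass, fail-open PEP but not past the
// fail-closed or 32-pass variants.
const sample = nestEncode("/plugins/bluebubbles/webhook", 5);
console.log(simulateRequest(sample, 3, false));  // protected-reached (vulnerable)
console.log(simulateRequest(sample, 3, true));   // blocked (fail closed)
console.log(simulateRequest(sample, 32, false)); // blocked (deeper decode)
```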


⚠️ Exploit Status: POC

Technical Details

  • CWE: CWE-436 (Interpretation Conflict)
  • Attack Vector: Network (Remote)
  • Impact: Authentication Bypass
  • Severity: Moderate
  • Status: Patched
  • Exploitability: High (Low Complexity)

Affected Systems

  • OpenClaw AI Gateway
  • OpenClaw Plugin Router
  • BlueBubbles Plugin
  • Zalo Plugin
  • Google Chat Plugin
  • OpenClaw: < 2026.3.2 (Fixed in: 2026.3.2)

Code Analysis

Commit: 93b0724

Implemented fail-closed path canonicalization and increased decode depth

- const MAX_PATH_DECODE_PASSES = 3;
+ const MAX_PATH_DECODE_PASSES = 32;
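Review bot: the hunk raises MAX_PATH_DECODE_PASSES from 3 to 32, but the fail-closed canonicalization the commit message promises is not visible here; a larger bound on its own still leaves the PEP and the downstream router disagreeing whenever a path needs more passes than the bound. Suggest showing (or documenting where it lives) the check that rejects any path still containing a percent-encoded sequence after the final pass, and noting that the router resolves routes through the same canonicalizer so the two components can never decode to different depths.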

Commit: 7a7eee9

Unified route registration and ownership guards

N/A

Exploit Details

  • GitHub Advisory: Path-based authentication bypass via canonicalization mismatch

Mitigation Strategies

  • Upgrade OpenClaw to version 2026.3.2 or later.
  • Implement a strict WAF rule to block requests containing multi-encoded characters (e.g., %25).
  • Configure the gateway to enforce default-deny policies for unknown routes.

Remediation Steps:

  1. Pull the latest docker image or source code for OpenClaw version 2026.3.2.
  2. Review custom plugins to ensure they do not rely on api.registerHttpHandler.
  3. Migrate any legacy plugin routes to api.registerHttpRoute with explicit auth contracts (e.g., { auth: 'gateway' }).
  4. Restart the OpenClaw service to apply the new canonicalization logic.

References


Read the full report for GHSA-V865-P3GQ-HW6M on our website for more details including interactive diagrams and full exploit analysis.
