
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-X49Q-FHHM-R9JF: GHSA-rqpp-rjj8-7wv8: Privilege Escalation via WebSocket Authorization Bypass in OpenClaw


Vulnerability ID: GHSA-X49Q-FHHM-R9JF
CVSS Score: 9.9
Published: 2026-03-20

A logic flaw in the OpenClaw gateway WebSocket connection handler permits clients authenticating with shared tokens to self-declare and retain elevated administrative scopes. This vulnerability allows an attacker possessing a low-privileged shared secret to bypass intended device-identity boundaries and execute administrative RPC commands against the gateway.

TL;DR

OpenClaw gateway versions up to 2026.3.11 fail to strip client-declared scopes during WebSocket initialization if the client provides a valid shared token. This grants administrative access (e.g., operator.admin) to deviceless connections without server-side validation.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-269
  • Attack Vector: Network
  • CVSS Score: 9.9 (Critical)
  • Exploit Status: Proof of Concept
  • Authentication Required: Low (Shared Token)
  • User Interaction: None

Affected Systems

  • OpenClaw Gateway
  • OpenClaw WebSocket Server
  • openclaw: <= 2026.3.11 (Fixed in: 2026.3.12)

Code Analysis

Commit: 5e389d5

Fix client-declared scopes for shared-token operator connects

Mitigation Strategies

  • Upgrade the openclaw npm package to version 2026.3.12 or later.
  • Rotate all existing shared authentication tokens to invalidate compromised credentials.
  • Implement strict network segmentation to restrict access to the OpenClaw WebSocket endpoint.

Remediation Steps:

  1. Identify all deployments utilizing the openclaw npm package in the environment.
  2. Update the package dependencies in package.json to require openclaw@^2026.3.12.
  3. Rebuild and deploy the gateway application.
  4. Verify the update by executing the provided regression test payload against a staging instance.
  5. Rotate shared tokens used by existing deviceless clients.

