What is the CVSS score of CVE-2026-28472?

CVE-2026-28472 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Openclaw are affected by CVE-2026-28472?

Openclaw versions 2026.2.2 and earlier contain a critical authentication bypass vulnerability that could allow unauthorized users to access sensitive functions without proper credentials.. A patch is available.

Openclaw CVE-2026-28472

HIGH

Missing Authentication for Critical Function (CWE-306)

2026-03-05 disclosure@vulncheck.com

GHSA-rv39-79c4-7459

Authentication Bypass Openclaw

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

Patch released

Mar 09, 2026 - 20:40 nvd

Patch available

CVE Published

Mar 05, 2026 - 22:16 nvd

HIGH 8.1

DescriptionNVD

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting the presence check instead of validation, potentially gaining operator access in vulnerable deployments.

AnalysisAI

Openclaw versions up to 2026.2.2 is affected by missing authentication for critical function (CVSS 8.1).

RemediationAI

Within 24 hours: Inventory all Openclaw deployments and identify affected versions (≤2026.2.2); assess network exposure and restrict access to Openclaw instances where possible. Within 7 days: Apply the available patch to all production systems following change management procedures; prioritize internet-facing or data-sensitive instances first. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-28472 vulnerability details – vuln.today

Back

Openclaw CVE-2026-28472

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code