CVE-2026-32001
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming the node role during WebSocket handshake to inject unauthorized node.event calls, triggering agent.request and voice.transcript flows without proper device pairing.
Analysis
OpenClaw prior to version 2026.2.22 allows authenticated users to bypass device identity verification and assume a node role during WebSocket connections, enabling injection of unauthorized node events that trigger sensitive agent and voice transcript operations. An attacker with a shared gateway token can exploit this to perform actions without proper device pairing, potentially compromising system integrity and confidentiality. …
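The flaw described above is a role-assignment check that trusts the role a client claims at handshake time. The following added example (not OpenClaw's code; the session model, credential fields and function names are assumptions) shows the hardened pattern a gateway should apply: role=node is granted only when a verified, paired device identity is presented, and node-only events are gated again at dispatch so a shared-token session can never trigger them.

```python
from dataclasses import dataclass

# Hypothetical gateway session model; names are assumptions, not OpenClaw's API.
PRIVILEGED_ROLE = "node"
# Events the advisory says a forged node can trigger; only the node role may send them.
NODE_ONLY_EVENTS = {"agent.request", "voice.transcript"}


@dataclass(frozen=True)
class Credential:
    kind: str                        # "shared_token" or "device"
    device_id: str = ""              # only meaningful when kind == "device"
    pairing_verified: bool = False   # device identity checked against the pairing registry


class HandshakeRejected(Exception):
    pass


def authorize_handshake(cred: Credential, requested_role: str) -> str:
    """Return the role the session is granted, or reject the handshake.

    Vulnerable pattern: accept `requested_role` after any valid credential.
    Hardened pattern: role=node requires a verified, paired device identity;
    a shared gateway token never confers it, whatever the client claims.
    """
    if requested_role != PRIVILEGED_ROLE:
        return "client"
    if cred.kind != "device" or not cred.device_id or not cred.pairing_verified:
        raise HandshakeRejected(
            f"role={PRIVILEGED_ROLE} requires a paired device identity (got kind={cred.kind})"
        )
    return PRIVILEGED_ROLE


def accept_node_event(granted_role: str, event: str) -> bool:
    """Second gate at dispatch (defense in depth): node-only events are dropped
    unless the session actually holds the node role granted at handshake."""
    if event in NODE_ONLY_EVENTS:
        return granted_role == PRIVILEGED_ROLE
    return True


def process_session(cred: Credential, requested_role: str, events: list[str]) -> list[str]:
    """Run handshake then dispatch; return the events the gateway would accept."""
    try:
        role = authorize_handshake(cred, requested_role)
    except HandshakeRejected:
        return []  # connection refused, nothing is processed
    return [e for e in events if accept_node_event(role, e)]
```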
Remediation
Within 30 days: identify affected systems and apply vendor patches as part of the regular patch cycle. Monitor vendor channels for patch availability.
External POC / Exploit Code: GHSA-rv2q-f2h5-6xmg