CVE-2026-32897

EUVD-2026-13974 | Severity: LOW
2026-03-21 | Source: VulnCheck | GHSA-8mr2-f9wf-hcfq
CVSS 3.1 base score: 3.7

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline (5 events)

PoC Detected: Mar 24, 2026 21:07 (vuln.today); public exploit code
EUVD ID Assigned: Mar 21, 2026 01:00 (euvd); EUVD-2026-13974
Analysis Generated: Mar 21, 2026 01:00 (vuln.today)
Patch Released: Mar 21, 2026 01:00 (nvd); patch available
CVE Published: Mar 21, 2026 00:42 (nvd)

Description

OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to system prompts sent to third-party model providers can derive the gateway authentication token from the hash outputs, compromising gateway authentication security.

Analysis

OpenClaw versions prior to 2026.2.22 reuse the gateway authentication token as a fallback hashing secret for owner-ID obfuscation in system prompts sent to third-party model providers, a cryptographic secret-reuse flaw. An unauthenticated attacker with visibility into those system prompts (for example through model provider logs, prompt injection, or interception) can reverse-engineer the gateway authentication token from the hash outputs when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, directly compromising authentication security. …


Remediation

During the next maintenance window: apply the vendor patch when convenient. A vendor patch is available.
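The condition the Description and Analysis describe (ownerDisplay set to hash with no dedicated ownerDisplaySecret, so the gateway token becomes the hash key) is something a configuration review can detect before patching. The following is an added example, not OpenClaw's code: it audits a constructed config for that fallback, produces a hardened copy with an independently generated display secret, and obfuscates an owner ID only when a dedicated secret exists. The nested-dict layout, the `lookup`/`audit`/`harden`/`display_owner_id` helpers and the HMAC-SHA256 scheme are assumptions; only the key names come from the advisory.

```python
import hashlib, hmac, secrets

# Constructed config fragments. Key names are from the advisory; the
# nested-dict layout is an assumption, not OpenClaw's documented format.
WEAK_CONFIG = {
    "gateway": {"auth": {"token": "gw-token-CONSTRUCTED"}},
    "commands": {"ownerDisplay": "hash"},  # ownerDisplaySecret unset
}
HARDENED_CONFIG = {
    "gateway": {"auth": {"token": "gw-token-CONSTRUCTED"}},
    "commands": {"ownerDisplay": "hash", "ownerDisplaySecret": "display-secret-CONSTRUCTED"},
}

def lookup(config, dotted):
    """Resolve a dotted key like 'commands.ownerDisplay'; None if absent."""
    node = config
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def owner_hash_secret_source(config):
    """'dedicated', 'gateway-token-fallback' (pre-2026.2.22 behaviour) or 'not-hashing'."""
    if lookup(config, "commands.ownerDisplay") != "hash":
        return "not-hashing"
    if lookup(config, "commands.ownerDisplaySecret"):
        return "dedicated"
    return "gateway-token-fallback"

def audit(config):
    """Findings a config review would raise for CVE-2026-32897."""
    if owner_hash_secret_source(config) == "gateway-token-fallback":
        return ["commands.ownerDisplaySecret unset: owner-ID hash is keyed "
                "with gateway.auth.token; set a dedicated secret or upgrade"]
    return []

def harden(config):
    """Copy of config with an independently generated display secret."""
    fixed = {k: (dict(v) if isinstance(v, dict) else v) for k, v in config.items()}
    fixed.setdefault("commands", {})["ownerDisplaySecret"] = secrets.token_hex(32)
    return fixed

def display_owner_id(config, owner_id):
    """Obfuscate an owner ID for a prompt without the token fallback.
    HMAC-SHA256 is an assumed scheme, not the project's actual one."""
    if owner_hash_secret_source(config) != "dedicated":
        raise ValueError("no commands.ownerDisplaySecret; refusing to fall back")
    secret = lookup(config, "commands.ownerDisplaySecret").encode()
    return hmac.new(secret, owner_id.encode(), hashlib.sha256).hexdigest()[:16]
```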


Priority Score: 39 (scale: Low / Medium / High / Critical)

Contributions: KEV 0, EPSS +0.1, CVSS +18, PoC +20
