EUVD-2026-21124
GHSA-9gvx-vj57-vqqx
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket requests to Canvas routes to bypass authentication and gain unauthorized access.
Analysis
OpenClaw before version 2026.3.23 contains an authentication bypass in the Canvas gateway where the authorizeCanvasRequest() function unconditionally allows local-direct requests without validating bearer tokens or Canvas capabilities, enabling unauthenticated attackers on the local system to send loopback HTTP and WebSocket requests to bypass authentication and access Canvas routes. The vulnerability requires local network access but no prior authentication, affecting all versions prior to the patched release.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today