Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 3 npm packages depend on openclaw (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.3.28.
DescriptionCVE.org
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization.
AnalysisAI
OpenClaw before version 2026.3.25 contains an authentication bypass vulnerability in the raw card send surface that allows unauthenticated remote attackers to send malformed card commands, bypassing DM pairing restrictions and reaching callback handlers without proper authorization. This enables unpaired recipients to mint legacy callback payloads, resulting in integrity compromise of the messaging protocol. No public exploit code or active exploitation has been confirmed, but the low attack complexity and network accessibility make this a practical vulnerability.
Technical ContextAI
OpenClaw's card send functionality implements a Direct Messaging (DM) pairing mechanism intended to restrict callback payload generation to authorized paired recipients. The vulnerability stems from improper input validation in the raw card command parser (CWE-288: Authentication Bypass by Alternate Route), allowing attackers to craft specially-formed card commands that circumvent the pairing validation checks. The affected component processes callback payloads through a legacy pathway that does not enforce authentication state verification before executing callback handlers. This affects all versions of OpenClaw distributed via the cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:* CPE identifier prior to version 2026.3.25.
RemediationAI
Vendor-released patch: OpenClaw version 2026.3.25 and later. Upgrade immediately to the patched version, which addresses the authentication bypass by implementing proper validation of card commands against the DM pairing state before callback payload processing. The upstream fix is available in commit 81c45976db532324b5a0918a70decc19520dc354 and corresponding tagged release. No interim workarounds are documented; patching is the primary remediation path. Refer to the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-77w2-crqv-cmv3 for detailed upgrade instructions and validation procedures.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21474