Skip to main content

Openclaw EUVDEUVD-2026-21622

| CVE-2026-3690 HIGH
Reliance on IP Address for Authentication (CWE-291)
2026-04-11 zdi GHSA-93g8-mgqc-w7h9
7.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Re-analysis Queued
Apr 27, 2026 - 17:22 vuln.today
cvss_changed
EUVD ID Assigned
Apr 11, 2026 - 01:00 euvd
EUVD-2026-21622
Analysis Generated
Apr 11, 2026 - 01:00 vuln.today
CVE Published
Apr 11, 2026 - 00:17 nvd
HIGH 7.4

DescriptionCVE.org

OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311.

AnalysisAI

Unauthenticated remote attackers bypass authentication in OpenClaw canvas endpoints due to improper authentication implementation (CWE-291). Exploitation requires no user interaction and yields high confidentiality/integrity impact. Network-accessible attack vector with high complexity (CVSS:3.0 7.4 AV:N/AC:H/PR:N). No public exploit identified at time of analysis. Originally reported as ZDI-CAN-29311.

Technical ContextAI

Authentication function for canvas endpoints contains implementation flaw allowing authentication mechanism bypass. CWE-291 (Missing Authentication for Critical Function) indicates authentication check absent or incorrectly enforced. CVSS AC:H suggests attack requires specific timing, conditions, or preparation despite network accessibility. Root cause in logic error rather than input validation weakness.

RemediationAI

Apply vendor-released patch per GitHub Security Advisory GHSA-vvjh-f6p9-5vcf at https://github.com/openclaw/openclaw/security/advisories/GHSA-vvjh-f6p9-5vcf. Consult Zero Day Initiative advisory ZDI-26-228 at https://www.zerodayinitiative.com/advisories/ZDI-26-228/ for additional technical details. Released patched version not independently confirmed from provided references. Interim mitigations: restrict network access to canvas endpoints via firewall rules limiting exposure to trusted IP ranges, implement reverse proxy with mandatory authentication layer, disable canvas functionality if not operationally required. Monitor authentication logs for repeated failed canvas endpoint access patterns indicating exploitation attempts.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-21622 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy