Description
OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded traversal patterns to access protected plugin channel routes when handlers normalize the incoming path, circumventing security controls.
Published: 2026-03-19
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Apply Patch
AI Analysis

Impact

OpenClaw gateway plugin versions older than 2026.2.26 contain a path traversal flaw that allows an attacker to bypass route authentication checks by inserting encoded dot-segment (../) patterns into the /api/channels endpoint. The flaw is a classic example of CWE-22 (Path Traversal) combined with a broken authentication control (CWE-289). By sending an HTTP request whose path the handler normalizes only after the authentication check has been evaluated against the raw, still-encoded form, an attacker can reach protected plugin channel routes that should require proper authorization, effectively gaining unauthorized access to configuration or control features exposed by the plugin.

Affected Systems

The vulnerability affects all OpenClaw gateway plugin deployments running versions prior to 2026.2.26. The affected vendor and product is OpenClaw's OpenClaw gateway plugin; no specific sub-components or modules are listed beyond the /api/channels interface.

Risk and Exploitability

The CVSS score of 8.3 classifies this as a high-severity vulnerability, while the EPSS score of less than 1% indicates a low predicted probability of exploitation in the wild; it is also not listed in the CISA KEV catalog. The attack vector is remote (CVSS AV:N): the attacker only needs the ability to send HTTP requests to the /api/channels endpoint. Successful exploitation does not require privileged access on the host, but because authentication is bypassed it amounts to a privilege escalation.

Generated by OpenCVE AI on March 23, 2026 at 18:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw version 2026.2.26 or newer.
  • Verify after the upgrade that authentication checks for the /api/channels routes are still enforced and that the path is properly normalized.
  • If an immediate upgrade is not possible, enforce network‑level restrictions to block or limit external access to the /api/channels endpoint until a patch can be applied.
  • Continuously monitor API access logs for anomalous path traversal attempts.

Generated by OpenCVE AI on March 23, 2026 at 18:30 UTC.


Advisories
Source: Github GHSA
ID: GHSA-mwxv-35wr-4vvj
Title: OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths
History

Mon, 23 Mar 2026 17:15:00 +0000

Weaknesses: CWE-22

Fri, 20 Mar 2026 15:15:00 +0000

Metrics: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 22:15:00 +0000

Description: OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded traversal patterns to access protected plugin channel routes when handlers normalize the incoming path, circumventing security controls.
Title: OpenClaw < 2026.2.26 - Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels
First Time appeared: Openclaw, Openclaw openclaw
Weaknesses: CWE-289
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw, Openclaw openclaw
References:
Metrics: cvssV3_1
{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N'}
cvssV4_0
{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-20T14:26:56.375Z

Reserved: 2026-03-10T19:48:43.187Z

Link: CVE-2026-32036

Vulnrichment

Updated: 2026-03-20T14:26:46.432Z

NVD

Status: Analyzed

Published: 2026-03-19T22:16:39.583

Modified: 2026-03-23T17:12:56.803

Link: CVE-2026-32036

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:54:26Z

Weaknesses