Description
OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication credentials.
Published: 2026-03-21
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication bypass enabling unauthorized access to HTTP gateway routes.
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions before 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing attackers on trusted networks to bypass required tokens or passwords and reach protected routes without credentials. This authentication bypass, classified as CWE-290, can expose confidential data, allow tampering, or disrupt service within the gateway.

Affected Systems

The vulnerable product is OpenClaw, a Node.js application. All releases older than version 2026.2.21 are affected. The flaw manifests in the HTTP gateway route handling, impacting any service that relies on Tailscale authentication for access control.

Risk and Exploitability

With a CVSS score of 8.2, the vulnerability is considered high severity. No EPSS score is available and there is no record of public exploitation yet. The likely attack vector is network-based: a client already on a trusted network presents the Tailscale header that the gateway accepts in place of a token or password. Successful exploitation would grant attackers unrestricted access to gateway routes, potentially leading to data theft or other malicious actions.

Generated by OpenCVE AI on March 21, 2026 at 08:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.21 or later.
  • Disable tokenless Tailscale authentication on HTTP gateway routes if not required.
  • Restrict access to the HTTP gateway to trusted networks or segment the network to limit exposure.
  • Review and monitor access logs for unexpected patterns.
  • Keep OpenClaw and its dependencies updated regularly.



Advisories

Source: GitHub GHSA
ID: GHSA-hff7-ccv5-52f8
Title: OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes
History

Mon, 23 Mar 2026 17:15:00 +0000

Type: Metrics (ssvc)
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 21 Mar 2026 05:30:00 +0000

Type: Description
Values added: OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication credentials.

Type: Title
Values added: OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth

Type: First Time appeared
Values added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values added: CWE-290

Type: CPEs
Values added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values added: Openclaw; Openclaw openclaw

Type: References
Values added: (none listed)

Type: Metrics (cvssV3_1)
Values added: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Type: Metrics (cvssV4_0)
Values added: {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:42:38.318Z

Reserved: 2026-03-10T19:48:44.964Z

Link: CVE-2026-32045

Vulnrichment

Updated: 2026-03-23T16:42:33.560Z

NVD

Status: Analyzed

Published: 2026-03-21T01:17:07.140

Modified: 2026-03-24T21:16:28.700

Link: CVE-2026-32045

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:33:28Z

Weaknesses