Description
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.
Published: 2026-03-12
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized privileged operator access
Action: Immediate Patch
AI Analysis

Impact

OpenClaw allows a browser‑originated WebSocket connection to bypass origin validation when gateway.auth.mode is set to trusted‑proxy and the request carries proxy headers. A page served from an untrusted origin can therefore inherit the proxy‑authenticated identity and start an operator.admin session. The attacker gains full control over the OpenClaw instance, compromising confidentiality, integrity and availability. This weakness is identified as CWE‑346.

Affected Systems

The vulnerability affects the OpenClaw personal AI assistant (openclaw:openclaw) running on Node.js. All releases prior to 2026.3.11 that use gateway.auth.mode set to trusted‑proxy are vulnerable. No narrower version list is supplied beyond the release that contains the fix.

Risk and Exploitability

With a CVSS score of 8.1 the issue is high severity, yet the EPSS score is below 1 % and it is not listed in the CISA KEV catalog, implying a low probability of widespread exploitation. The attack requires only a malicious web page hosted on an untrusted origin that can reach the reverse proxy; the exploitation path is straightforward once the configuration is in place.

Generated by OpenCVE AI on March 24, 2026 at 22:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.11 or later.
  • If an immediate upgrade is not possible, disable gateway.auth.mode trusted‑proxy or enforce strict origin validation for WebSocket connections.
  • Restrict access to the reverse proxy by limiting or blocking untrusted web origins.
  • Monitor WebSocket connection logs for anomalous proxy header usage.
  • Apply network segmentation or firewall rules to prevent unintended traversal through the reverse proxy.

Generated by OpenCVE AI on March 24, 2026 at 22:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-5wcw-8jjv-m286 OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode
History

Tue, 24 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Fri, 13 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Openclaw
Openclaw openclaw
Vendors & Products Openclaw
Openclaw openclaw

Thu, 12 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
Description OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.
Title OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode
Weaknesses CWE-346
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-13T13:11:06.707Z

Reserved: 2026-03-11T21:16:21.658Z

Link: CVE-2026-32302

cve-icon Vulnrichment

Updated: 2026-03-13T13:11:03.128Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-13T19:54:41.650

Modified: 2026-03-24T21:36:21.617

Link: CVE-2026-32302

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T11:50:04Z

Weaknesses