Impact
A vulnerability in OpenClaw versions prior to 2026.2.22 causes the gateway authentication token (gateway.auth.token) to be reused as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and the dedicated secret is not configured. Because one authentication secret is used across two security domains, an attacker who can observe the prompts sent to third-party model providers can derive the gateway authentication token from the hash output, compromising authentication and potentially allowing unauthorized access to the system. The weakness is improper key reuse (CWE-320).
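As an added illustration (not OpenClaw's own code), the fallback pattern the advisory describes beside a hardened resolver that never reuses the auth token, plus an audit check that flags the vulnerable configuration; the ownerDisplaySecret key name, the HMAC construction and the sample configuration are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample configuration. gateway.auth.token and commands.ownerDisplay
# come from the advisory; the ownerDisplaySecret key is an assumed name.
SAMPLE_CFG = {
    "gateway": {"auth": {"token": "gw-token-EXAMPLE-not-real"}},
    "commands": {"ownerDisplay": "hash"},
}

def resolve_owner_hash_secret_vulnerable(cfg: dict) -> Optional[str]:
    """Pattern described in the advisory: fall back to the gateway auth token."""
    if cfg.get("commands", {}).get("ownerDisplay") != "hash":
        return None
    return cfg["commands"].get("ownerDisplaySecret") or cfg["gateway"]["auth"]["token"]

def resolve_owner_hash_secret_hardened(cfg: dict) -> Optional[str]:
    """Use the dedicated secret; if it is missing (or equals the auth token),
    generate an independent one instead of crossing security domains."""
    if cfg.get("commands", {}).get("ownerDisplay") != "hash":
        return None
    dedicated = cfg["commands"].get("ownerDisplaySecret")
    token = cfg["gateway"]["auth"]["token"]
    if dedicated and dedicated != token:
        return dedicated
    # Fresh random secret; a real deployment would persist it so output is stable.
    return secrets.token_hex(32)

def obfuscate_owner_id(owner_id: str, secret: str) -> str:
    """Keyed, domain-separated digest of the owner ID for use in prompts.
    The output reveals nothing about the key, but the key must still be
    one that is worthless to an attacker (i.e. not the auth token)."""
    mac = hmac.new(secret.encode(), b"owner-display:" + owner_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def config_reuses_auth_token(cfg: dict) -> bool:
    """Audit check: True when the vulnerable fallback would hand out the auth token."""
    resolved = resolve_owner_hash_secret_vulnerable(cfg)
    return resolved is not None and resolved == cfg["gateway"]["auth"]["token"]
```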
Affected Systems
The affected product is OpenClaw (OpenClaw:OpenClaw). All releases earlier than v2026.2.22 are vulnerable; the advisory lists no later release as affected.
Risk and Exploitability
The CVSS score is 6.3 (moderate severity). EPSS data is not available, and the vulnerability is not listed in CISA's KEV catalog. Exploitation requires that the attacker can read the system prompts transmitted to external model providers; it does not require network access to the OpenClaw service itself. Once the token is derived, the attacker can authenticate to the gateway. Because the flaw does not enable arbitrary code execution or denial of service, the risk is credential compromise rather than service disruption.