Description
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311.
Published: 2026-04-11
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Assess Impact
AI Analysis

Impact

The vulnerability resides in the authentication logic for Canvas endpoints in OpenClaw. Because authentication is not enforced, attackers can gain unrestricted access to the system without valid credentials. This flaw permits an attacker to execute any operation that a legitimate authenticated user would be able to perform, potentially exposing sensitive data or modifying system state. The weakness corresponds to improper authentication (CWE-291).

Affected Systems

OpenClaw product, all installed versions of OpenClaw are potentially affected. The flaw is reported to exist in the canvas authentication function, but no specific version range is identified in the advisory. Systems running OpenClaw should therefore review whether they are running the current version or assess for any unpatched code paths.

Risk and Exploitability

The CVSS score of 7.4 indicates high severity. EPSS data is not available, and the vulnerability is not listed in the KEV catalog. The attack vector is inferred to be remote, with an attacker able to trigger the bypass through web requests to Canvas endpoints. No public exploit code is cited, but the ability to authenticate without credentials makes the vulnerability readily exploitable by anyone with network access to the application.

Generated by OpenCVE AI on April 11, 2026 at 02:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available OpenClaw patch or upgrade to a version that resolves the authentication bypass.
  • If no patch is available, block or restrict external access to Canvas endpoints using firewall rules or a reverse proxy to limit the attack surface.
  • Continuously monitor OpenClaw advisories and security bulletins for updates or additional guidance.

Generated by OpenCVE AI on April 11, 2026 at 02:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Tue, 14 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Openclaw
Openclaw openclaw
Vendors & Products Openclaw
Openclaw openclaw

Sat, 11 Apr 2026 01:00:00 +0000

Type Values Removed Values Added
Description OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311.
Title OpenClaw Canvas Authentication Bypass Vulnerability
Weaknesses CWE-291
References
Metrics cvssV3_0

{'score': 7.4, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-04-14T13:28:03.464Z

Reserved: 2026-03-07T01:52:51.037Z

Link: CVE-2026-3690

cve-icon Vulnrichment

Updated: 2026-04-13T17:33:41.531Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-11T01:16:15.990

Modified: 2026-04-27T17:09:55.803

Link: CVE-2026-3690

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:56:50Z

Weaknesses