Description
OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Attackers can access the bootstrap config route without a valid Gateway token to expose sensitive bootstrap and config information intended only for authenticated Control UI sessions.
Published: 2026-05-11
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Prior to version 2026.4.22, OpenClaw's Control UI bootstrap configuration endpoint can be accessed without a valid Gateway token, so anyone who can reach the endpoint can read the bootstrap and configuration data it returns. The weakness is tracked as CWE-862 (Missing Authorization): the route does not check for the Gateway token that other Control UI routes require, so information intended only for authenticated Control UI sessions is disclosed to unauthenticated clients.

Affected Systems

The vulnerability affects OpenClaw installations (CPE target software node.js) running a version earlier than 2026.4.22. Version 2026.4.22 and later are not known to contain this flaw.

Risk and Exploitability

The CVSS v4.0 base score is 6.3 (Medium); the v3.1 vector on this page scores 5.3. EPSS is below 1% (very low) and the issue is not in the CISA KEV catalog, so no exploitation in the wild is known at publication. The risk is driven by the low preconditions: both vectors record network attack vector, no privileges and no user interaction (AV:N/PR:N/UI:N), so an unauthenticated attacker who can reach the Control UI can read sensitive configuration values. The v4.0 vector does carry AT:P, meaning some deployment-specific condition must hold for the attack to succeed. Impact is confidentiality-only (C:L / VC:L): information disclosure rather than code execution or denial of service, but the exposed bootstrap data could assist follow-on attacks against the Gateway.

Generated by OpenCVE AI on May 11, 2026 at 18:42 UTC.

Remediation

The vendor fix is OpenClaw 2026.4.22: the affected range is every version before it. No vendor workaround for earlier versions has been published, so the mitigations below are network-level controls, not a patch.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.22 or later
  • Restrict network access to the Control UI (and therefore to the bootstrap config endpoint) to trusted IP ranges until the upgrade is done
  • Put a reverse proxy in front of the Control UI that enforces its own authentication (proxy-level credentials or mTLS) for the bootstrap config route, since the application itself does not check for a Gateway token on that route before 2026.4.22
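As an added example (not part of the OpenCVE page and not OpenClaw's or OpenCVE's own code), the following Python script performs the two checks an operator needs after reading the actions above: a numeric calendar-version comparison against the fixed version 2026.4.22, and a classifier for the response to an unauthenticated request to the bootstrap config route. The route path is not given on this page, so the script takes it as an argument rather than guessing it. The assumption that a patched instance answers 401 or 403 to a token-less request while an affected one answers 200 with a JSON object is mine, not something the advisory states.

```python
"""Added triage script for CVE-2026-44994 (not OpenCVE's or OpenClaw's code).

Checks:
  1. is_affected(): compare the installed OpenClaw version with the fixed
     version 2026.4.22 named in the advisory. OpenClaw uses calendar versions
     (YYYY.M.D), so components must be compared numerically: a plain string
     comparison would rank "2026.4.9" above "2026.4.22".
  2. classify_probe(): interpret the response to a GET sent without any
     Gateway token. ASSUMPTION (not stated in the advisory): a fixed instance
     answers 401/403 to such a request, an affected one answers 200 with JSON.
     The route path is not on the advisory page; it is passed in explicitly.
"""
import json
import re
import urllib.error
import urllib.request

FIXED_VERSION = "2026.4.22"  # advisory: versions before this are affected

_VERSION_RE = re.compile(r"^v?\d+(?:\.\d+)*$")


def parse_version(version: str) -> tuple:
    """Turn '2026.4.22' (or 'v2026.4.22') into (2026, 4, 22) for numeric comparison."""
    version = version.strip()
    if not _VERSION_RE.match(version):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in version.lstrip("v").split("."))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed version."""
    return parse_version(installed) < parse_version(fixed)


def classify_probe(status: int, body: str) -> str:
    """Classify the response to a token-less request to the bootstrap config route.

    'exposed'        200 with a JSON object: config data returned without a token
    'requires-auth'  401/403: the endpoint refused the unauthenticated request
    'inconclusive'   anything else (login-page redirect, 404 for a wrong path, ...)
    """
    if status in (401, 403):
        return "requires-auth"
    if status == 200:
        try:
            parsed = json.loads(body)
        except ValueError:
            return "inconclusive"
        if isinstance(parsed, dict):
            return "exposed"
    return "inconclusive"


def probe(base_url: str, route: str, timeout: float = 5.0) -> tuple:
    """Send one GET with no Authorization header; return (status, body).

    Run only against an instance you own. 'route' is the bootstrap config path
    from the OpenClaw documentation (hypothetical here; not in the advisory).
    """
    url = base_url.rstrip("/") + "/" + route.lstrip("/")
    request = urllib.request.Request(url)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status, response.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    import sys
    # usage: python check_openclaw.py <installed-version> [<base-url> <route>]
    version = sys.argv[1]
    if is_affected(version):
        print(f"{version}: AFFECTED, upgrade to {FIXED_VERSION}")
    else:
        print(f"{version}: not in the affected range")
    if len(sys.argv) == 4:
        status, body = probe(sys.argv[2], sys.argv[3])
        print(f"unauthenticated probe -> HTTP {status}: {classify_probe(status, body)}")
```

An 'inconclusive' result is not a pass: a 404 most likely means the route argument is wrong for the deployed version, and a 200 that is not JSON is usually a login page served by a proxy in front of the Gateway.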


Advisories

No advisories yet.

History

Mon, 11 May 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Attackers can access the bootstrap config route without a valid Gateway token to expose sensitive bootstrap and config information intended only for authenticated Control UI sessions.
Title | | OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-862
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}; cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-11T18:26:43.045Z

Reserved: 2026-05-08T16:41:39.934Z

Link: CVE-2026-44994

Vulnrichment

Updated: 2026-05-11T18:26:32.464Z

NVD

Status : Awaiting Analysis

Published: 2026-05-11T18:16:39.250

Modified: 2026-05-12T14:19:41.400

Link: CVE-2026-44994

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T20:45:25Z

Weaknesses