Impact
OpenClaw before version 2026.5.18 fails to properly validate identity headers when the trusted-proxy configuration is enabled, allowing a local attacker with access to the gateway port to forge those headers and impersonate the operator. This authentication bypass grants the attacker operator privileges or higher, potentially enabling full administrative control over the system. The weakness is classified as CWE-290 (Authentication Bypass by Spoofing): identity header values are trusted because their source is presumed to be the trusted proxy, without verifying that the request actually came from it.
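The shape of the bug and its fix, as an added example that is not OpenClaw's code: the header name, the proxy address and the request objects are constructed for the demo, and the peer address stands in for the connection's TCP remote address.

```javascript
// Added example (not OpenClaw code): resolving an identity header behind a trusted proxy.
// Assumed: the proxy asserts identity in "x-forwarded-user"; the allow-list holds proxy IPs;
// `peer` is the TCP remote address of the connection (req.socket.remoteAddress in Node).

// Constructed configuration: only the reverse proxy at 10.0.0.5 may assert an identity.
const config = {
  trustedProxies: new Set(["10.0.0.5"]),
  identityHeader: "x-forwarded-user",
};

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d"; compare the plain form.
function normalizePeer(peer) {
  return peer.startsWith("::ffff:") ? peer.slice(7) : peer;
}

// Vulnerable shape (CWE-290): once the trusted-proxy feature is on, the header is honored
// for every request, so any process that can reach the gateway port may assert any identity.
function resolveIdentityVulnerable(headers, peer, cfg) {
  const asserted = headers[cfg.identityHeader];
  return asserted ? { user: asserted, role: "operator" } : null;
}

// Hardened shape: honor the header only when the immediate peer is an allow-listed proxy.
// A header arriving from any other peer is ignored and the request is treated as anonymous.
function resolveIdentityHardened(headers, peer, cfg) {
  const asserted = headers[cfg.identityHeader];
  if (!asserted) return null;
  if (!cfg.trustedProxies.has(normalizePeer(peer))) {
    return { user: null, role: "anonymous", reason: "identity header from untrusted peer" };
  }
  return { user: asserted, role: "operator" };
}

// Constructed request: a local process on the gateway host, not the proxy, sending the header.
const forgedFromLocalhost = { headers: { "x-forwarded-user": "admin" }, peer: "127.0.0.1" };
// Constructed request: the same header supplied by the real proxy.
const fromProxy = { headers: { "x-forwarded-user": "alice" }, peer: "10.0.0.5" };

console.log("vulnerable:", resolveIdentityVulnerable(forgedFromLocalhost.headers, forgedFromLocalhost.peer, config));
console.log("hardened:  ", resolveIdentityHardened(forgedFromLocalhost.headers, forgedFromLocalhost.peer, config));
```

A detection counterpart is the same peer check applied to access logs: any request carrying the identity header whose remote address is not a listed proxy is worth an alert.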
Affected Systems
The affected product is OpenClaw (vendor: OpenClaw), versions earlier than 2026.5.18. Deployments on any platform with the trusted-proxy configuration enabled are exposed to this header-forging bypass.
Risk and Exploitability
The CVSS score of 7.4 indicates a high-severity vulnerability. No EPSS score is available and the issue is not listed in KEV, but neither absence reduces the risk. An attacker must be able to reach the proxy-facing Gateway port on the same host, so the attack vector is local and requires an existing foothold; once a forged header is accepted, however, privilege escalation to operator level is immediate. The potential impact is significant because operator impersonation can lead to further compromise of the application.
OpenCVE Enrichment