CVE-2026-28472
Published 2026-03-05
Priority P2 · 60 · critical 9.8 · CVSS 3.1
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.36% (27.5th percentile)
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting the presence check instead of validation, potentially gaining operator access in vulnerable deployments.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openclaw | openclaw | < 2026.2.2 | 2026.2.2 |
| openclaw | openclaw | >= 0 < 2026.2.2 | 2026.2.2 |
Detection & IOCs (extracted from sources)
- Detect WebSocket connect handshake requests to the OpenClaw gateway where the auth.token field is present but no device identity or pairing information is provided; this pattern indicates exploitation of the presence-check bypass.
- Monitor for unexpected operator-level access originating from WebSocket connections that lack valid device identity or pairing credentials on OpenClaw gateway deployments.
- The vulnerability affects OpenClaw versions prior to 2026.2.2 (also known as Moltbot or Clawdbot). Upgrade to 2026.2.2 or later to remediate.
- The flaw is specifically in the gateway WebSocket connect handshake logic: the code checks for the presence of auth.token rather than validating its value, allowing authentication bypass.
CVSS provenance
- NVD · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD · v4.0 · 9.2 CRITICAL · CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
OSV (2026-02-17): CVE-2026-28472 [CRITICAL] OpenClaw's gateway connect could skip device identity checks when auth.token was present but not yet validated
### Summary
The gateway WebSocket `connect` handshake could allow skipping device identity checks when `auth.token` was present but not yet validated.
### Details
In `src/gateway/server/ws-connection/message-handler.ts`, the device-identity requirement could be bypassed based on the *presence* of a non-empty `connectParams.auth.token` rather than a *validated* shared-secret authentication result.
### Impact
In deployments where the gateway WebSocket is reachable and connections can be authorized via Tailscale without validating the shared secret, a client could connect without providing device identity/pairing. Depending on version and configuration, this could result in ope
GHSA (2026-02-17): CVE-2026-28472 [CRITICAL] CWE-306 OpenClaw's gateway connect could skip device identity checks when auth.token was present but not yet validated
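The defect described in the Details section (a device-identity waiver keyed off the presence of `connectParams.auth.token` instead of a validated shared-secret result) and the first detection item on this page, as an added TypeScript example. This is not OpenClaw's code: `ConnectParams`, `AuthContext`, `decideVulnerable`, `decideFixed`, `flagSuspiciousConnect`, the frame layout and the sample frames are all constructed here to model the decision the advisory describes, under the assumption that a transport-level authorization (the advisory names Tailscale) can admit a connection without the shared secret ever being checked.

```typescript
// Added example, not OpenClaw's code: a model of the gateway connect decision
// the advisory describes. ConnectParams, AuthContext, decideVulnerable,
// decideFixed, flagSuspiciousConnect and the sample frames are constructed here.

export interface ConnectParams {
  auth?: { token?: string };
  // device identity / pairing material; the field shape is an assumption
  device?: { id: string; publicKey: string; signature: string };
}

export interface AuthContext {
  // true only after the gateway compared the presented token against its
  // configured shared secret and they matched
  sharedSecretValidated: boolean;
  // true when the transport itself authorized the peer (e.g. a Tailscale
  // connection), so no secret was checked
  networkAuthorized: boolean;
}

export interface Decision { accept: boolean; reason: string }

// Vulnerable pattern (CWE-306): device identity is waived because a token is
// merely present, even though nothing has validated it.
export function decideVulnerable(params: ConnectParams, ctx: AuthContext): Decision {
  if (!ctx.sharedSecretValidated && !ctx.networkAuthorized) {
    return { accept: false, reason: "not authorized" };
  }
  const tokenPresent = Boolean(params.auth?.token);
  if (!tokenPresent && params.device === undefined) {
    return { accept: false, reason: "device identity required" };
  }
  return { accept: true, reason: tokenPresent ? "token present (unvalidated)" : "device identity" };
}

// Hardened pattern: the waiver keys off the validated authentication result.
// A present-but-unchecked token counts for nothing.
export function decideFixed(params: ConnectParams, ctx: AuthContext): Decision {
  if (!ctx.sharedSecretValidated && !ctx.networkAuthorized) {
    return { accept: false, reason: "not authorized" };
  }
  if (ctx.sharedSecretValidated) {
    return { accept: true, reason: "shared secret validated" };
  }
  if (params.device === undefined) {
    return { accept: false, reason: "device identity required" };
  }
  return { accept: true, reason: "device identity" };
}

// The scenario from the advisory: transport-authorized connection, token
// present but never validated, no device identity supplied.
export const tailscaleNoSecret: AuthContext = { sharedSecretValidated: false, networkAuthorized: true };
export const tokenOnly: ConnectParams = { auth: { token: "constructed-unchecked-token" } };

// Detection helper for the IOC listed on this page: a connect frame that
// carries auth.token but no device identity / pairing fields. Frame layout
// ({method, params}) is assumed, not taken from the project.
interface ConnectFrame { method?: string; params?: ConnectParams }

function parseFrame(json: string): ConnectFrame | undefined {
  try { return JSON.parse(json) as ConnectFrame; } catch { return undefined; }
}

export function flagSuspiciousConnect(frameJson: string): boolean {
  const frame = parseFrame(frameJson);
  if (frame === undefined || frame.method !== "connect") return false;
  const p: ConnectParams = frame.params ?? {};
  return Boolean(p.auth?.token) && p.device === undefined;
}

// Constructed sample frames, as a gateway log might record them.
export const sampleFrames: string[] = [
  '{"method":"connect","params":{"auth":{"token":"abc"}}}',
  '{"method":"connect","params":{"device":{"id":"dev-1","publicKey":"pk","signature":"sig"}}}',
  '{"method":"connect","params":{"auth":{"token":"abc"},"device":{"id":"dev-1","publicKey":"pk","signature":"sig"}}}',
  '{"method":"ping","params":{}}',
  'not json',
];

// Returns the indexes of frames matching the IOC; only the first sample does.
export function suspiciousIndexes(frames: string[]): number[] {
  return frames.map((f, i) => (flagSuspiciousConnect(f) ? i : -1)).filter((i) => i >= 0);
}
```

Run `decideVulnerable(tokenOnly, tailscaleNoSecret)` and `decideFixed(tokenOnly, tailscaleNoSecret)` side by side: the vulnerable decision accepts on "token present (unvalidated)", the fixed one rejects with "device identity required". The design point is that the only fact that may relax a control is the outcome of a check that actually ran, never the shape of the request; `flagSuspiciousConnect` turns the same distinction into a log-side check.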
No detection rules found.
No public exploits indexed.