14 matches found
OpenClaw Authentication Bypass Vulnerability (CNVD-2026-14839)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication bypass vulnerability caused by a /api/channels route classification flaw due to a mismatch in the depth of normalization between authentication path classification and route path...
CVE-2026-32004
OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitti...
CVE-2026-32004
OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitti...
CVE-2026-32036 OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels
OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...
CVE-2026-32036
OpenClaw gateway plugin (versions before 2026.2.26) is affected by a path traversal flaw in /api/channels that lets an attacker bypass route authentication by using encoded dot-segment traversal. The underlying issue arises when path normalization does not block alternate paths, enabling access t...
EUVD-2026-13320
OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...
CVE-2026-32036
OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...
CVE-2026-32004
OpenClaw is affected in versions prior to 2026.3.2 by an authentication bypass in the /api/channels route due to a canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication by submitting deeply encoded slash ...
CVE-2026-32004 OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route
OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitti...
CVE-2026-32004 OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route
OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitti...
OpenClaw has encoded-path auth bypass in plugin `/api/channels` route classification
Summary Updated March 2, 2026 Encoded alternate-path requests could bypass plugin route auth checks for /api/channels/ due to canonicalization depth mismatch in vulnerable builds. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable version: 2026.3.1 - Affected range...
GHSA-V865-P3GQ-HW6M OpenClaw has encoded-path auth bypass in plugin `/api/channels` route classification
Summary Updated March 2, 2026 Encoded alternate-path requests could bypass plugin route auth checks for /api/channels/ due to canonicalization depth mismatch in vulnerable builds. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable version: 2026.3.1 - Affected range...
OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths
Summary Gateway plugin route auth protection for /api/channels could be bypassed using encoded dot-segment traversal for example ..%2f in path variants that plugin handlers normalize. Affected Packages / Versions - Package: npm openclaw - Latest published vulnerable version: 2026.2.25 - Vulnerabl...
PT-2026-26417
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.26 Description The OpenClaw gateway plugin contains a path traversal issue that allows remote attackers to bypass route authentication checks. This is achieved by manipulating the /api/channels paths with...