4 matches found
CVE-2026-32004
OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitti...
EUVD-2026-13259
OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitti...
CVE-2026-32004 OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route
OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitti...
OpenClaw has encoded-path auth bypass in plugin `/api/channels` route classification
Summary Updated March 2, 2026 Encoded alternate-path requests could bypass plugin route auth checks for /api/channels/ due to canonicalization depth mismatch in vulnerable builds. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable version: 2026.3.1 - Affected range...