CVE-2026-3689

OpenClaw Canvas contains a path traversal information disclosure in the canvas gateway endpoint due to improper validation of user-supplied path parameters. The issue, affecting OpenClaw Canvas (various versions), can allow remote attackers to disclose sensitive information within the service acc...

CVE-2026-3689

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the pa...

EUVD-2026-21124

OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket request...

Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6mqc-jqh6-x8fc. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where...

CVE-2026-35634

OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket request...

CVE-2026-35634 OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway

OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket request...

CVE-2026-35634

OpenClaw Canvas Gateway is affected by an authentication bypass in versions before 2026.3.23. The issue stems from authorizeCanvasRequest() unconditionally allowing local-direct requests without validating bearer tokens or canvas capabilities, enabling unauthenticated loopback HTTP and WebSocket ...

CVE-2026-35634 OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway

OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket request...

CVE-2026-35634

OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket request...

PT-2026-31769

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.23 Description OpenClaw contains an authentication bypass in the Canvas gateway. The authorizeCanvasRequest function unconditionally allows local-direct requests without validating bearer tokens or canvas...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.23 contained security vulnerabilities. These vulnerabilities were due to a bypass of Canvas gateway authentication, which could lead to unauthorized access...

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the path parameters provided to the canvas gateway endpoint. The issue...