5 matches found
OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Summary Before v2026.3.23, Canvas and A2UI loopback requests could bypass Canvas bearer-or-capability authentication because authorizeCanvasRequest... treated isLocalDirectRequest... as an unconditional allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 -...
GHSA-6MQC-JQH6-X8FC OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication
Summary Before v2026.3.23, Canvas and A2UI loopback requests could bypass Canvas bearer-or-capability authentication because authorizeCanvasRequest... treated isLocalDirectRequest... as an unconditional allow path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.23 -...
Improper Restriction of Rendered UI Layers or Frames
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames in the canvas route authorization process. An attacker can gain unauthorized access to restricted routes by exploiting insufficient...
GHSA-CJV3-M589-V3RX OpenClaw has Canvas route hardening for mixed-trust deployments
Summary This advisory tracks a defense-in-depth hardening for canvas routes. In mixed-trust or network-visible deployments, prior canvas auth/fallback behavior could broaden access beyond intended boundaries. Deployment Context OpenClaw’s default model is trusted host + loopback-first access. Som...
OpenClaw has Canvas route hardening for mixed-trust deployments
Summary This advisory tracks a defense-in-depth hardening for canvas routes. In mixed-trust or network-visible deployments, prior canvas auth/fallback behavior could broaden access beyond intended boundaries. Deployment Context OpenClaw’s default model is trusted host + loopback-first access. Som...