2 matches found
CVE-2026-28472
OpenClaw CVE-2026-28472 affects the gateway WebSocket connect handshake. The vulnerability allows bypassing device-identity checks when an auth.token is present but not validated, enabling attackers to connect to the gateway without device identity or pairing and potentially gain operator access ...
Missing Authentication for Critical Function
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the connect handshake in the gateway WebSocket, when auth.token is present but not validated. An attacker can gain unauthorized access by...