CVE-2026-32031 OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...

EUVD-2026-13310

OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...

CVE-2026-32031

CVE-2026-32031 affects OpenClaw server-http prior to 2026.2.26. The issue is an authentication bypass in gateway authentication for plugin channel endpoints caused by a path canonicalization mismatch between the gateway guard and the plugin handler routing. This allows attackers to bypass authent...

OpenClaw: /api/channels gateway-auth boundary bypass via path canonicalization mismatch

Summary Gateway auth for plugin channel endpoints can be bypassed when path canonicalization differs between the gateway guard and plugin handler routing. Details On affected versions, server-http only applies gateway auth when raw requestPath matches exactly: - /api/channels - /api/channels/ If ...

PT-2026-26412

Summary Gateway auth for plugin channel endpoints can be bypassed when path canonicalization differs between the gateway guard and plugin handler routing. Details On affected versions, server-http only applies gateway auth when raw requestPath matches exactly: - /api/channels - /api/channels/ If ...