4 matches found
OpenClaw Metadata Spoofing Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a metadata forgery vulnerability that stems from client-submitted reconnect platform and device family fields not being bound to a device authentication signature. An attacker could use this...
CVE-2026-32014
OpenClaw is affected in versions prior to 2026.2.26. The vulnerability is a metadata spoofing flaw where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on a trusted network can spo...
EUVD-2026-13277
OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...
CVE-2026-32014 OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields
OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...