PT-2026-35763

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A privilege escalation issue allows paired nodes with role=node to dispatch node.event agent requests, granting unrestricted tool access on the gateway side. Attackers possessing trusted paired...

OpenClaw Authentication Bypass Vulnerability (CNVD-2026-14840)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication bypass vulnerability that originates from allowing clients authenticated with a shared gateway token to connect as a role=node without device authentication. An attacker could use thi...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the WebSocket connect process. An attacker can inject unauthorized node.event messages by connecting with a shared gateway token and claiming role=node without...

PT-2026-26383

Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...