PT-2026-25465 · Npm · Openclaw
Published
2026-03-03
·
Updated
2026-03-03
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Summary
When tokenless Tailscale auth is enabled, OpenClaw should only allow forwarded-header auth for Control UI websocket authentication on trusted hosts. In affected versions, that tokenless path could also be used by HTTP gateway auth call sites, which could bypass token/password requirements for HTTP routes in trusted-network deployments.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected range:
<= 2026.2.19-2(latest published npm version as of February 21, 2026) - Patched in: planned
2026.2.21release
Impact
Deployments relying on token/password for HTTP gateway routes could be downgraded to tokenless behavior when Tailscale header auth is enabled. This weakens expected HTTP route authentication boundaries even in trusted-host network setups.
Per SECURITY.md, this does not affect the recommended setup: keep the Gateway loopback-only (or otherwise within a trusted host/network boundary), use Tailscale serve/funnel for remote access, and keep tokenless Tailscale auth scoped to Control UI websocket login.
Fix
- Added an explicit auth-surface gate (
allowTailscaleHeaderAuth, defaultfalse) in gateway auth. - Enabled tokenless Tailscale header auth only for Control UI websocket authentication.
- Kept HTTP gateway auth call sites on token/password auth paths.
- Added regression coverage for HTTP-vs-websocket behavior and Tailscale header handling.
Fix Commit(s)
356d61aacfa5b0f1d5830716ec59d70682a3e7b8
Release Process Note
patched versions is pre-set to the planned next release (2026.2.21) so once npm release is published, this advisory can be published directly without further field edits.OpenClaw thanks @zpbrent for reporting.
Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw