PT-2026-26728 · Openclaw · Openclaw
Peng Zhou · Published 2026-03-03 · Updated 2026-03-21
CVE-2026-32045
CVSS v3.1: 9.1 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.2.21
Description
The software incorrectly applies tokenless Tailscale header authentication to HTTP gateway routes. As a result, attackers on trusted networks can bypass the token and password requirements and access HTTP gateway routes without proper authentication. Only HTTP gateway routes are affected.
Recommendations
Update to version 2026.2.21 or later.
Fix
Authentication Bypass by Spoofing
Affected Products
Openclaw