CVE-2026-32045

CVSS v3.1

5.9

Medium

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication credentials.

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

CVE-2026-32045

Affected Products

Openclaw

CVE-2026-32045

Weakness Enumeration

Related Identifiers

Affected Products

References · 4