PT-2026-29230 · Openclaw · Openclaw

Tdjackey · Published 2026-03-13 · Updated 2026-03-31 · CVE-2026-32970

CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.3.11

Description

The software contains a credential fallback issue. When local gateway authentication tokens (gateway.auth.token) and passwords (gateway.auth.password) are unavailable, the system incorrectly falls back to remote credentials even when operating in local mode. This can occur due to misconfigured local authentication references, potentially allowing attackers to bypass local authentication restrictions and access the system using unintended credentials. The issue affects CLI and helper paths, causing them to select incorrect credential sources.

Recommendations

Update to version 2026.3.11 or later.
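The fallback pattern described above next to a fail-closed resolver, as an added JavaScript illustration that is not OpenClaw's code or its actual fix. Only gateway.auth.token and gateway.auth.password come from the advisory; the `mode` and `remote` keys, the function names and the sample config are assumptions.

```javascript
// Added illustration, not OpenClaw source. `gateway.mode`, `gateway.remote`
// and all function names are hypothetical; the config below is constructed.

// An unset value, empty string or unresolved reference counts as unavailable.
function usable(value) {
  return typeof value === "string" && value.trim() !== "";
}

// Pattern the advisory describes: when a local credential is unavailable,
// the remote one is used, and the configured mode is never consulted.
function resolveWithFallback(cfg) {
  const local = cfg.gateway.auth ?? {};
  const remote = cfg.gateway.remote ?? {};
  return {
    token: usable(local.token) ? local.token : remote.token,
    password: usable(local.password) ? local.password : remote.password,
  };
}

// Fail-closed alternative: the mode selects exactly one credential source,
// and a missing credential is an error instead of a silent substitution.
function resolveStrict(cfg) {
  const mode = cfg.gateway.mode;
  if (mode !== "local" && mode !== "remote") {
    throw new Error(`unknown gateway mode: ${String(mode)}`);
  }
  const source = mode === "remote" ? cfg.gateway.remote : cfg.gateway.auth;
  const creds = {};
  if (usable(source?.token)) creds.token = source.token;
  if (usable(source?.password)) creds.password = source.password;
  if (Object.keys(creds).length === 0) {
    throw new Error(`no usable ${mode} gateway credentials configured`);
  }
  return creds;
}

// Constructed config: local mode, but the local references did not resolve.
const misconfigured = {
  gateway: {
    mode: "local",
    auth: { token: undefined, password: "" },
    remote: { token: "REMOTE-TOKEN-PLACEHOLDER" },
  },
};
```

With the constructed config, `resolveWithFallback` returns the remote token while in local mode, and `resolveStrict` throws so the misconfiguration surfaces to the operator.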

Related Identifiers

CVE-2026-32970
GHSA-QVR7-G57C-MRC7
GHSA-VM29-7MQ3-9JRG

Affected Products

Openclaw