PT-2026-30522 · Npm · Openclaw

Published

2026-03-26

·

Updated

2026-03-26

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Summary

Before v2026.3.23, Canvas and A2UI loopback requests could bypass Canvas bearer-or-capability authentication because authorizeCanvasRequest(...) treated isLocalDirectRequest(...) as an unconditional allow path.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: < 2026.3.23
  • Fixed: >= 2026.3.23
  • Latest released tag checked: v2026.3.23-2 (630f1479c44f78484dfa21bb407cbe6f171dac87)
  • Latest published npm version checked: 2026.3.23-2

Root Cause

The vulnerable logic lived in src/gateway/server/http-auth.ts. authorizeCanvasRequest(...) returned { ok: true } for local-direct requests before checking bearer authentication or an active node canvas capability, which meant unauthenticated loopback Canvas HTTP and WebSocket requests could succeed.

Fix Commit(s)

  • d5dc6b6573ae489bc7e5651090f4767b93537c9efix(gateway): require auth for canvas routes

Release Status

The fix commit is contained in released tags v2026.3.23 and v2026.3.23-2. The latest shipped tag and npm release both include the fix.

Code-Level Confirmation

  • src/gateway/server/http-auth.ts no longer contains the local-direct early return in authorizeCanvasRequest(...).
  • src/gateway/server.canvas-auth.test.ts adds the regression test denies canvas HTTP/WS on loopback without bearer or capability by default.
Thanks @smaeljaish771 for reporting.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

GHSA-6MQC-JQH6-X8FC

Affected Products

Openclaw