8.0
OpenClaw: Untrusted Node Devices Can Gain Access to Commands
GHSA-r65x-2hqr-j5hf
Summary
An attacker on the trusted network who already holds a paired node identity could reconnect with spoofed device metadata (platform and device family), making OpenClaw treat the node as a different platform and granting it commands that should have stayed blocked for the platform it was originally paired as. OpenClaw 2026.2.26 binds this metadata into the device-auth signature, pins the metadata recorded at pairing time on the server, and rejects reconnects whose metadata does not match. We recommend updating to the latest version.
What to do
- Update openclaw to version 2026.2.26.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.25 | 2026.2.26 |
Original title
OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy
Original description
## Summary
A paired node device could reconnect with spoofed `platform`/`deviceFamily` metadata and broaden node command policy eligibility because reconnect metadata was accepted from the client while these fields were not bound into the device-auth signature.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.25`
- Latest published version at update time: `2026.2.25`
- Patched version (pre-set for next release): `2026.2.26`
## Impact
In configurations where node command policy differs by platform, an attacker with an already paired node identity on the trusted network could spoof reconnect metadata and gain access to commands that should remain blocked for the originally paired platform.
## Fix
- Add device-auth payload `v3` that signs normalized `platform` and `deviceFamily`.
- Verify `v3` first (fallback to `v2` for compatibility), while pinning paired metadata server-side.
- Reject reconnect metadata mismatches and require explicit repair pairing to change pinned metadata.
- Add regression coverage for reconnect spoof attempts.
## Fix Commit(s)
- `7d8aeaaf06e2e616545d2c2cec7fa27f36b59b6a`
## Release Process Note
`patched_versions` is pre-set to the planned next release `2026.2.26`; once that npm release is published, the advisory can be published without further field edits.
OpenClaw thanks @76embiid21 for reporting.
CVSS 3.1 (GHSA): 8.0
Vulnerability type
- CWE-290: Authentication Bypass by Spoofing
- CWE-863: Incorrect Authorization
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026