OpenClaw: Credentials Leaked If Onboarding Not Fully Completed
GHSA-9f4w-67g7-mqwv
Summary
A bug in OpenClaw's remote onboarding keeps an attacker-discovered endpoint in the flow even after the operator declines to trust it: the declined URL is carried into the manual endpoint prompt as its prefilled value, so an operator who accepts that prefill routes gateway credentials to the attacker's endpoint. This can lead to unauthorized access to gateway credentials. To fix this, update to OpenClaw version 2026.3.31 or later.
What to do
- Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.31 | 2026.3.31 |
Original title
OpenClaw: Endpoint persists after trust decline, leaking gateway credentials
Original description
## Summary
Remote onboarding preserves attacker-discovered endpoint after trust decline, routing gateway credentials to it
## Current Maintainer Triage
- Status: narrow
- Normalized severity: medium
- Assessment: Real shipped onboarding trust-decline bug because the declined discovered URL survived into the manual prompt, but operator acceptance of that prefill is still required, so medium.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `2a75416634837c21ed05b8c3ed906eb7a7807060` — 2026-03-30T20:03:06+01:00
OpenClaw thanks @zsxsoft for reporting.
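The triage above describes the mechanism: the declined discovered URL survived as the prefill of the manual prompt, so accepting the prefill sent gateway credentials to it. The following is an added illustration, not OpenClaw's own code; `runOnboarding`, `credentialDestination` and the discovered URL are hypothetical, and the `fixed` flag switches between the shipped behaviour and the corrected one.

```javascript
// Added example, not OpenClaw's code: a minimal model of the remote onboarding
// trust-decline step. All names and the endpoint value are hypothetical.

// A gateway candidate found by discovery (constructed sample value). An attacker
// on the network can be the one who makes such a candidate appear.
const DISCOVERED = { url: "http://192.0.2.10:18789", source: "discovery" };

// trustDiscovered: operator's answer to "trust this discovered endpoint?"
// manualInput:     what the operator types at the manual prompt; "" means
//                  "accept whatever the prompt has prefilled".
// fixed:           false = shipped (vulnerable) behaviour, true = corrected.
function runOnboarding({ discovered, trustDiscovered, manualInput, fixed }) {
  if (trustDiscovered) {
    return { endpoint: discovered.url, via: "trusted-discovery" };
  }
  // Vulnerable: the declined URL is carried forward as the manual prompt's
  // default, so an operator who just accepts the default still sends gateway
  // credentials to the endpoint they declined a moment earlier.
  // Fixed: a declined discovery is dropped before the manual prompt is shown,
  // so the prompt starts empty and only a typed URL can be used.
  const prefill = fixed ? "" : discovered.url;
  const endpoint = manualInput === "" ? prefill : manualInput;
  if (endpoint === "") {
    return { endpoint: null, via: "none" }; // nothing to send credentials to
  }
  return { endpoint, via: manualInput === "" ? "accepted-prefill" : "typed" };
}

// Where gateway credentials would be routed; null means onboarding stops.
function credentialDestination(opts) {
  return runOnboarding(opts).endpoint;
}

// Stand-alone demonstration of the two behaviours after a trust decline.
const base = { discovered: DISCOVERED, trustDiscovered: false, manualInput: "" };
console.log("vulnerable:", credentialDestination({ ...base, fixed: false }));
console.log("fixed:     ", credentialDestination({ ...base, fixed: true }));
```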
osv CVSS 4.0: 8.3
Vulnerability type: CWE-670
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026