OpenClaw: Trusted Network Attackers Can Bypass Passwords on HTTP Gateway
CVE-2026-32045
Summary
Old versions of OpenClaw contain an authentication flaw that lets attackers on trusted networks reach HTTP gateway routes without the token or password normally required. This could let unauthorized people see or change important data. Update to the latest version to fix this issue.
Original title
OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted net...
Original description
OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication credentials.
NVD CVSS 3.1
5.9
NVD CVSS 4.0
8.2
Vulnerability type
CWE-290
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026