OpenClaw: Leaks Gateway Credentials After Trust Decline

GHSA-9f4w-67g7-mqwv
Summary

If you use OpenClaw, a bug can allow an attacker to keep access to your account even if you decline a new endpoint. This is because OpenClaw doesn't properly remove the endpoint when you decline it. To fix this, update to OpenClaw version 2026.3.31 or later to prevent unauthorized access to your account.

What to do
  • Update openclaw to version 2026.3.31.
Affected software

| Vendor | Product | Affected versions | Fix available |
| --- | --- | --- | --- |
|  | openclaw | <= 2026.3.28 | 2026.3.31 |
Original title
OpenClaw: Endpoint persists after trust decline, leaking gateway credentials
Original description
## Summary
Remote onboarding preserves attacker-discovered endpoint after trust decline, routing gateway credentials to it

## Current Maintainer Triage
- Status: narrow
- Normalized severity: medium
- Assessment: Real shipped onboarding trust-decline bug because the declined discovered URL survived into the manual prompt, but operator acceptance of that prefill is still required, so medium.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`

## Fix Commit(s)
- `2a75416634837c21ed05b8c3ed906eb7a7807060` — 2026-03-30T20:03:06+01:00

OpenClaw thanks @zsxsoft for reporting.
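As an added illustration of the bug class the triage describes (this is not OpenClaw's code; the state shape, function names and sample URL are assumptions), a minimal model of the onboarding trust-decline flow: the vulnerable decline handler leaves the discovered URL in state, so it comes back as the manual-prompt prefill, while the fixed handler scrubs it, and credential routing only accepts an endpoint the operator explicitly trusted.

```javascript
// Illustrative model of the advisory's bug class; not OpenClaw's code. Assumed names/state.

// Constructed sample: an endpoint found by network discovery during onboarding.
const DISCOVERED_URL = "https://gateway.example.invalid";
const INITIAL_STATE = { discoveredUrl: DISCOVERED_URL, trustedUrl: null, declinedUrls: [] };

// Both flows prefill the manual prompt from whatever discovery left in state.
function manualPromptDefault(state) {
  return state.discoveredUrl ?? "";
}

// Vulnerable decline: records the answer but leaves discoveredUrl in place,
// so the declined URL survives into the manual prompt as its prefill.
function declineDiscoveredVulnerable(state) {
  return { ...state, trustAnswer: "declined" };
}

// Fixed decline: drop the discovered URL and remember that it was refused.
function declineDiscoveredFixed(state) {
  const declinedUrls = state.discoveredUrl
    ? [...state.declinedUrls, state.discoveredUrl]
    : state.declinedUrls;
  return { ...state, trustAnswer: "declined", discoveredUrl: null, declinedUrls };
}

// Gateway credentials go only to an endpoint the operator explicitly trusted.
// Refusing a previously declined URL is extra hardening assumed here, not a fix detail from the advisory.
function routeGatewayCredentials(state, targetUrl) {
  if (state.declinedUrls.includes(targetUrl)) {
    return { ok: false, reason: "endpoint was explicitly declined" };
  }
  if (state.trustedUrl !== targetUrl) {
    return { ok: false, reason: "endpoint was never explicitly trusted" };
  }
  return { ok: true, target: targetUrl };
}

// Run both flows against the same constructed state and report the prefills.
function simulateDecline() {
  const vulnerable = declineDiscoveredVulnerable(INITIAL_STATE);
  const fixed = declineDiscoveredFixed(INITIAL_STATE);
  return {
    vulnerablePrefill: manualPromptDefault(vulnerable), // the declined URL leaks back in
    fixedPrefill: manualPromptDefault(fixed),           // empty: operator must type a URL
    routed: routeGatewayCredentials(fixed, DISCOVERED_URL),
  };
}

console.log(simulateDecline());
```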
CVSS 4.0 score (GHSA): 6.9
Vulnerability type: CWE-670
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026