6.9
OpenClaw: Tokenless Auth Bypass in HTTP Routes on Trusted Networks
GHSA-hff7-ccv5-52f8
Summary
In affected versions of OpenClaw, the tokenless Tailscale authentication path that is meant only for the Control UI websocket login could also be applied to HTTP gateway routes in trusted-network deployments, so those routes could be reached without the token or password they are expected to require. The developers will address this in a future release by keeping HTTP routes on token or password authentication even when tokenless Tailscale auth is enabled. In the meantime, follow the recommended setup (loopback-only gateway, Tailscale serve/funnel for remote access) to keep the gateway within a trusted boundary.
What to do
- Update openclaw to version 2026.2.21.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.21 | 2026.2.21 |
Original title
OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes
Original description
### Summary
When tokenless Tailscale auth is enabled, OpenClaw should only allow forwarded-header auth for Control UI websocket authentication on trusted hosts. In affected versions, that tokenless path could also be used by HTTP gateway auth call sites, which could bypass token/password requirements for HTTP routes in trusted-network deployments.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected range: `<= 2026.2.19-2` (latest published npm version as of February 21, 2026)
- Patched in: planned `2026.2.21` release
### Impact
Deployments relying on token/password for HTTP gateway routes could be downgraded to tokenless behavior when Tailscale header auth is enabled. This weakens expected HTTP route authentication boundaries even in trusted-host network setups.
Per SECURITY.md, this does not affect the recommended setup: keep the Gateway loopback-only (or otherwise within a trusted host/network boundary), use Tailscale serve/funnel for remote access, and keep tokenless Tailscale auth scoped to Control UI websocket login.
### Fix
- Added an explicit auth-surface gate (`allowTailscaleHeaderAuth`, default `false`) in gateway auth.
- Enabled tokenless Tailscale header auth only for Control UI websocket authentication.
- Kept HTTP gateway auth call sites on token/password auth paths.
- Added regression coverage for HTTP-vs-websocket behavior and Tailscale header handling.
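The fix list above describes a per-call-site gate rather than a global switch: the operator's config may enable tokenless Tailscale header auth, but only the Control UI websocket login path opts into it, while HTTP routes stay on token/password. The following is an added illustration of that pattern, written for this page; it is not OpenClaw's code, and the types, header names (`tailscale-user-login`, `x-gateway-password`), call-site function names and the trusted-proxy check are all assumptions made for the example. It includes an ungated variant with the pre-fix shape so the difference is visible in a test.

```typescript
// Added example (not OpenClaw's code): an auth-surface gate for tokenless
// Tailscale header auth. All names and shapes below are assumptions.
import { timingSafeEqual } from "node:crypto";

type AuthMethod = "token" | "password" | "tailscale-header" | "none";

interface GatewayRequest {
  headers: Record<string, string | undefined>; // lower-cased header names, as Node provides them
  remoteAddress: string;                        // address of the peer that connected
}

interface GatewayAuthConfig {
  token?: string;                // shared secret expected in "Authorization: Bearer ..."
  password?: string;             // alternative shared secret (assumed header x-gateway-password)
  tailscaleHeaderAuth: boolean;  // operator enabled tokenless Tailscale login globally
  trustedProxies: string[];      // peers allowed to set forwarded identity headers (e.g. local tailscale serve)
}

// Per-call-site option: default false; only the Control UI websocket login sets it.
interface AuthOptions {
  allowTailscaleHeaderAuth?: boolean;
}

interface AuthDecision {
  allowed: boolean;
  method: AuthMethod;
  reason: string;
}

// Constant-time comparison so secret checks do not leak length-prefix timing.
function secretMatches(presented: string | undefined, expected: string | undefined): boolean {
  if (presented === undefined || expected === undefined) return false;
  const a = Buffer.from(presented, "utf8");
  const b = Buffer.from(expected, "utf8");
  if (a.length !== b.length) return false;
  return timingSafeEqual(a, b);
}

// Forwarded identity headers are only meaningful when a trusted proxy set them;
// a header arriving from any other peer is ignored rather than trusted.
function tailscaleIdentity(req: GatewayRequest, cfg: GatewayAuthConfig): string | undefined {
  if (!cfg.tailscaleHeaderAuth) return undefined;
  if (!cfg.trustedProxies.includes(req.remoteAddress)) return undefined;
  return req.headers["tailscale-user-login"];
}

// Core decision: token/password first; the tokenless path is consulted only when the
// calling surface explicitly allowed it, independent of the global config flag.
function authorize(req: GatewayRequest, cfg: GatewayAuthConfig, opts: AuthOptions = {}): AuthDecision {
  const bearer = req.headers["authorization"]?.replace(/^Bearer\s+/i, "");
  if (secretMatches(bearer, cfg.token)) {
    return { allowed: true, method: "token", reason: "valid gateway token" };
  }
  if (secretMatches(req.headers["x-gateway-password"], cfg.password)) {
    return { allowed: true, method: "password", reason: "valid gateway password" };
  }
  if (opts.allowTailscaleHeaderAuth === true) {
    const login = tailscaleIdentity(req, cfg);
    if (login) return { allowed: true, method: "tailscale-header", reason: `tailscale identity ${login}` };
  }
  return { allowed: false, method: "none", reason: "no token/password; header auth not permitted on this surface" };
}

// Pre-fix shape for comparison: the global flag alone enables the tokenless path everywhere.
function authorizeUngated(req: GatewayRequest, cfg: GatewayAuthConfig): AuthDecision {
  return authorize(req, cfg, { allowTailscaleHeaderAuth: cfg.tailscaleHeaderAuth });
}

// Call sites: HTTP routes leave the gate at its default (false)...
function authorizeHttpRoute(req: GatewayRequest, cfg: GatewayAuthConfig): AuthDecision {
  return authorize(req, cfg);
}
// ...and only the Control UI websocket login opts in.
function authorizeControlUiWebsocket(req: GatewayRequest, cfg: GatewayAuthConfig): AuthDecision {
  return authorize(req, cfg, { allowTailscaleHeaderAuth: true });
}

// Constructed sample data (not from the advisory).
const sampleConfig: GatewayAuthConfig = {
  token: "example-token-value",
  tailscaleHeaderAuth: true,
  trustedProxies: ["127.0.0.1"],
};
const headerOnlyRequest: GatewayRequest = {
  headers: { "tailscale-user-login": "alice@example.com" },
  remoteAddress: "127.0.0.1",
};
const tokenRequest: GatewayRequest = {
  headers: { authorization: "Bearer example-token-value" },
  remoteAddress: "127.0.0.1",
};

console.log("HTTP, header only (gated):", authorizeHttpRoute(headerOnlyRequest, sampleConfig));
console.log("HTTP, header only (ungated):", authorizeUngated(headerOnlyRequest, sampleConfig));
console.log("websocket, header only:", authorizeControlUiWebsocket(headerOnlyRequest, sampleConfig));
console.log("HTTP, token:", authorizeHttpRoute(tokenRequest, sampleConfig));
```

The design point is that `tailscaleHeaderAuth` in the config expresses what the operator permits, while `allowTailscaleHeaderAuth` at the call site expresses which surface may use it; with the gate defaulting to false, a new HTTP route added later cannot silently inherit the tokenless path. Regression tests of the kind the advisory mentions would assert exactly the four cases printed above.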
### Fix Commit(s)
- `356d61aacfa5b0f1d5830716ec59d70682a3e7b8`
### Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.21`) so that, once the npm release is published, this advisory can be published directly without further field edits.
OpenClaw thanks @zpbrent for reporting.
Source: GHSA · CVSS 4.0 score: 6.9
Vulnerability type: CWE-290
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026