OpenClaw: Untrusted Node Access Leads to Gateway Takeover
GHSA-gjm7-hw8f-73rq
Summary
A security issue in OpenClaw allows an attacker who controls a paired node to gain full access to the gateway, potentially allowing them to take control of the system. Exploitation requires an already trusted, paired node, which limits the exposure, but from that foothold the vulnerability allows the attacker to escalate their privileges to the gateway itself. To stay secure, update OpenClaw to version 2026.3.31 or later.
What to do
- Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.31 | 2026.3.31 |
Original title
OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch
Original description
## Summary
Paired node escalates to gateway RCE via unrestricted node.event agent dispatch
## Current Maintainer Triage
- Status: narrow
- Normalized severity: high
- Assessment: v2026.3.28 still lets paired role=node clients drive node.event agent.request into broader gateway-side tool access than node RPCs, but critical is overstated because a trusted paired node foothold is already required.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `a77928b1087e90f2a8903f8e5aca6dec9237ac62` — 2026-03-30T14:22:15+01:00
OpenClaw thanks @AntAISecurityLab for reporting.
osv CVSS 4.0 score: 9.4
Vulnerability type: CWE-863 (Incorrect Authorization)
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026