
OpenClaw Plugin Auth Bypass in API Channels Route

GHSA-v865-p3gq-hw6m
Summary

A security flaw in OpenClaw allows unauthorized access to certain API channels due to a misconfigured authentication system. This flaw affects deployments that expose plugin routes and rely on gateway authentication for protection. To fix this issue, update OpenClaw to version 2026.3.2 or later.

What to do
  • Update openclaw to version 2026.3.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
| --- | --- | --- | --- |
| – | openclaw | <= 2026.3.1 | 2026.3.2 |
Original title
OpenClaw has encoded-path auth bypass in plugin `/api/channels` route classification
Original description
### Summary (Updated March 2, 2026)
Encoded alternate-path requests could bypass plugin route auth checks for `/api/channels/*` due to canonicalization depth mismatch in vulnerable builds.

### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published vulnerable version: `2026.3.1`
- Affected range: `<= 2026.3.1`
- Patched release: `2026.3.2` (`patched_versions: >= 2026.3.2`)

### Technical Details
In affected versions, plugin auth-path classification and route-path canonicalization could diverge for deeply encoded slash variants (for example multi-encoded `%2f`). That mismatch allowed alternate encoded paths to evade protected-prefix auth checks while still resolving to `/api/channels/...` in plugin route handling.

The fix set hardens this class of issue by:
- canonicalizing route paths to a bounded fixpoint,
- failing closed on malformed or unresolved canonicalization depth,
- requiring explicit plugin-route auth contracts (no implicit auth default),
- enforcing route ownership/conflict guards for duplicate route registrations, and
- using shared webhook route lifecycle registration to avoid stale/conflicting route surfaces.
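The following is an added illustration, not OpenClaw's code, of the canonicalization mismatch described above and of the first two mitigations (bounded-fixpoint canonicalization, fail closed). The function names, the `MAX_DECODE_DEPTH` bound and the slash-collapsing step are assumptions for the example.

```javascript
// Added example, not code from the OpenClaw project.
// Bound on how many layers of percent-encoding a request path may carry.
// Hypothetical value: pick the smallest bound your routes actually need.
const MAX_DECODE_DEPTH = 3;

// Assumed extra canonicalization step: fold runs of "/" into one.
function collapseSlashes(p) {
  return p.replace(/\/{2,}/g, '/');
}

// Decode percent-encoding repeatedly until the string stops changing
// (a fixpoint). Returns null when the bound is exhausted or an escape
// is malformed, so the caller can fail closed instead of classifying
// the request as unprotected.
function canonicalizePath(rawPath) {
  let current = rawPath;
  for (let round = 0; round <= MAX_DECODE_DEPTH; round++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      return null; // malformed escape sequence: fail closed
    }
    if (next === current) {
      return collapseSlashes(next); // fixpoint reached within the bound
    }
    current = next;
  }
  return null; // still changing after MAX_DECODE_DEPTH rounds: fail closed
}

const PROTECTED_PREFIXES = ['/api/channels'];

function matchesProtected(path) {
  return PROTECTED_PREFIXES.some(
    (prefix) => path === prefix || path.startsWith(prefix + '/'),
  );
}

// Vulnerable pattern: the auth classifier looks at the raw request path,
// while route handling later resolves the decoded form of the same path.
function naiveRequiresAuth(rawPath) {
  return matchesProtected(rawPath);
}

// Hardened classifier: decide on the canonical path the router will see,
// and treat anything that cannot be canonicalized as protected.
function requiresGatewayAuth(rawPath) {
  const canonical = canonicalizePath(rawPath);
  if (canonical === null) return true;
  return matchesProtected(canonical);
}
```

Run against a singly or doubly encoded `%2f` variant of `/api/channels/list`, `naiveRequiresAuth` returns false while `requiresGatewayAuth` returns true; a path encoded deeper than the bound or with a broken escape also returns true.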

### Affected Deployments
Deployments exposing plugin HTTP routes and relying on gateway auth for `/api/channels/*` protection.

### Fix Commit(s)
- `93b07240257919f770d1e263e1f22753937b80ea`
- `2fd8264ab03bd178e62a5f0c50d1c8556c17f12d`
- `d74bc257d8432f17e50b23ae713d7e0623a1fe0f`
- `7a7eee920a176a0043398c6b37bf4cc6eb983eeb`
CVSS 4.0 (GHSA): 6.9
Vulnerability type
CWE-288 Authentication Bypass Using Alternate Path
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026