OpenClaw Node Role Device Bypass Allows Unauthorized Node Events
GHSA-rv2q-f2h5-6xmg
Summary
In OpenClaw, a client holding only the shared gateway token could open a WebSocket connection as `role=node` without any device identity or pairing, then send `node.event` messages that trigger `agent.request` and `voice.transcript` flows. Update to OpenClaw 2026.2.22 or later, which requires a paired device identity for node connects even when shared-token authentication succeeds.
What to do
- Update openclaw to version 2026.2.22 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.21-2 | 2026.2.22 |
Original title
OpenClaw's Node role device-identity bypass allows unauthorized node.event injection
Original description
### Summary
A client authenticated with a shared gateway token could connect as `role=node` without device identity/pairing, then call `node.event` to trigger `agent.request` and `voice.transcript` flows.
### Affected Packages / Versions
- Package: npm `openclaw`
- Affected versions: `<= 2026.2.21-2`
- Patched version: `2026.2.22` (planned next release)
### Details
The WebSocket connect path allowed device-less bypass whenever shared auth succeeded. That bypass did not restrict role, so a client could claim `role=node` with no device identity and still pass handshake auth. Because `node.event` is node-role allowed, this enabled unauthorized node event injection into agent-trigger flows.
### Impact
Unauthorized `node.event` injection can trigger agent execution and voice transcript flows for clients that only hold the shared gateway token, without node device pairing.
### Remediation
Upgrade to `2026.2.22` (or newer) once published. The fix requires device identity for `role=node` connects, even when shared-token auth succeeds.
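As an added illustration of the connect-path check described in the Details and Remediation sections above (example code written for this page, not OpenClaw's own; the gateway state shape, the `client` role name, the pairing store and the method allow-list beyond `node.event` are assumptions), the following models the pre-fix bypass beside the fixed check, where shared-token success no longer exempts a `role=node` connect from presenting a paired device identity:

```typescript
// Illustrative model of the gateway handshake in GHSA-rv2q-f2h5-6xmg.
// Not OpenClaw's code: types, role names and the pairing store are assumed.

type Role = "client" | "node";

interface ConnectParams {
  role: Role;
  sharedToken?: string;
  // Assumed device-identity shape: device id plus the secret issued at pairing.
  device?: { id: string; pairingSecret: string };
}

interface GatewayState {
  sharedToken: string;
  // Assumed pairing store: device id -> secret recorded when the device was paired.
  pairedDevices: Map<string, string>;
}

interface ConnectResult {
  ok: boolean;
  role?: Role;
  reason?: string;
}

// Plain equality keeps the example short; a real gateway should compare
// secrets in constant time (e.g. crypto.timingSafeEqual).
function sharedAuthOk(gw: GatewayState, p: ConnectParams): boolean {
  return p.sharedToken !== undefined && p.sharedToken === gw.sharedToken;
}

function deviceAuthOk(gw: GatewayState, p: ConnectParams): boolean {
  if (!p.device) return false;
  const expected = gw.pairedDevices.get(p.device.id);
  return expected !== undefined && expected === p.device.pairingSecret;
}

// Pre-fix behaviour as the advisory describes it: once shared auth succeeds
// the device check is skipped entirely and the role claim is taken as-is.
function authorizeConnectVulnerable(gw: GatewayState, p: ConnectParams): ConnectResult {
  if (sharedAuthOk(gw, p)) return { ok: true, role: p.role };
  if (deviceAuthOk(gw, p)) return { ok: true, role: p.role };
  return { ok: false, reason: "auth failed" };
}

// Fixed behaviour: a node-role connect must present a paired device identity
// even when the shared token is valid.
function authorizeConnectFixed(gw: GatewayState, p: ConnectParams): ConnectResult {
  if (!sharedAuthOk(gw, p) && !deviceAuthOk(gw, p)) {
    return { ok: false, reason: "auth failed" };
  }
  if (p.role === "node" && !deviceAuthOk(gw, p)) {
    return { ok: false, reason: "role=node requires a paired device identity" };
  }
  return { ok: true, role: p.role };
}

// Per-role method allow-list. node.event is node-only, as the advisory states;
// the client-role entries are assumed for the example.
const ROLE_METHODS: Record<Role, ReadonlySet<string>> = {
  client: new Set(["agent.request", "voice.transcript"]),
  node: new Set(["node.event"]),
};

function canCall(role: Role, method: string): boolean {
  return ROLE_METHODS[role].has(method);
}

// Replays the reported scenario: a caller holding only the shared token claims
// role=node and then attempts node.event. Returns what the gateway would do.
function replayScenario(
  authorize: (gw: GatewayState, p: ConnectParams) => ConnectResult,
): string {
  // Constructed sample state, not real credentials.
  const gw: GatewayState = {
    sharedToken: "constructed-shared-token",
    pairedDevices: new Map([["dev-1", "constructed-pairing-secret"]]),
  };
  const attacker: ConnectParams = { role: "node", sharedToken: gw.sharedToken };
  const conn = authorize(gw, attacker);
  if (!conn.ok || conn.role === undefined) return `connect rejected: ${conn.reason}`;
  return canCall(conn.role, "node.event")
    ? "node.event accepted from device-less caller"
    : "node.event denied";
}

console.log("vulnerable:", replayScenario(authorizeConnectVulnerable));
console.log("fixed:     ", replayScenario(authorizeConnectFixed));
```

The point of the second check in `authorizeConnectFixed` is that the two credentials answer different questions: the shared token proves the caller may talk to the gateway at all, while the pairing record proves which node it is. Letting the first stand in for the second is what allowed an arbitrary token holder to inject node events.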
### Fix Commit(s)
- ddcb2d79b17bf2a42c5037d8aeff1537a12b931e
### Release Process Note
`patched_versions` is pre-set to the planned next release so once npm release `2026.2.22` is out, advisory publish is a single step.
OpenClaw thanks @tdjackey for reporting.
CVSS 3.1 (GHSA): 5.4
Vulnerability type: CWE-863 Incorrect Authorization
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026