7.4

OpenClaw Authentication Bypass: Attackers Can Access Without Logging In

CVE-2026-3690
Summary

A security issue in OpenClaw allows attackers to access the system without entering a valid login. This means unauthorized users can potentially access sensitive areas of OpenClaw. To protect your system, update to the latest version of OpenClaw as soon as possible.

Original title
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exp...
Original description
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311.
NVD CVSS 3.0: 7.4
Vulnerability type
CWE-291
Published: 11 Apr 2026 · Updated: 11 Apr 2026 · First seen: 11 Apr 2026