OpenClaw: Untrusted Node Access Can Lead to Gateway Takeover

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.7

OpenClaw: Untrusted Node Access Can Lead to Gateway Takeover

GHSA-gjm7-hw8f-73rq

Summary

An attacker can take control of a gateway computer if they have access to a paired node that is not properly secured. This is a serious issue because it allows an attacker to execute arbitrary code on the gateway. To protect against this, update OpenClaw to version 2026.3.31 or later.

What to do

Update openclaw to version 2026.3.31.

Affected software

Vendor	Product	Affected versions	Fix available
–	openclaw	<= 2026.3.28	2026.3.31

Original title

OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch

Original description

## Summary
Paired node escalates to gateway RCE via unrestricted node.event agent dispatch

## Current Maintainer Triage
- Status: narrow
- Normalized severity: high
- Assessment: v2026.3.28 still lets paired role=node clients drive node.event agent.request into broader gateway-side tool access than node RPCs, but critical is overstated because a trusted paired node foothold is already required.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`

## Fix Commit(s)
- `a77928b1087e90f2a8903f8e5aca6dec9237ac62` — 2026-03-30T14:22:15+01:00

OpenClaw thanks @AntAISecurityLab for reporting.

ghsa CVSS4.0 8.7

Vulnerability type

CWE-863 Incorrect Authorization

Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026