CVE-2026-28472 Overview
CVE-2026-28472 is a critical authentication bypass vulnerability affecting OpenClaw versions prior to 2026.2.2. The vulnerability exists in the gateway WebSocket connect handshake, where device identity checks can be completely bypassed when an auth.token is present but not properly validated. This flaw allows attackers to establish connections to the gateway without providing device identity or completing the pairing process, potentially resulting in unauthorized operator access to vulnerable deployments.
Critical Impact
Attackers can gain operator-level access to OpenClaw gateway deployments by exploiting the authentication token presence check, bypassing device identity verification entirely.
Affected Products
- OpenClaw versions prior to 2026.2.2
Discovery Timeline
- 2026-03-05 - CVE-2026-28472 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28472
Vulnerability Analysis
This vulnerability represents a classic authentication bypass flaw classified under CWE-306 (Missing Authentication for Critical Function). The core issue lies in the gateway WebSocket connection handshake logic, which improperly handles authentication token validation. Instead of verifying the validity and integrity of the auth.token parameter, the vulnerable code merely checks for the token's presence. This fundamental logic error allows an attacker to supply any arbitrary or malformed token value to satisfy the presence check, effectively circumventing the device identity verification mechanism entirely.
The vulnerability is particularly dangerous because it targets the WebSocket handshake phase, which is the initial authentication gate for device connections. Once bypassed, attackers can establish persistent connections with elevated privileges typically reserved for authenticated operators.
Root Cause
The root cause is an improper authentication check in the gateway WebSocket connect handshake implementation. The vulnerable code performs a presence check on the auth.token parameter rather than validating the token's authenticity, cryptographic signature, or association with a legitimate device identity. This allows attackers to bypass the device identity and pairing requirements by simply including any auth.token value in their connection request.
Attack Vector
The attack vector is network-based, requiring no prior authentication or user interaction. An attacker can exploit this vulnerability by:
- Initiating a WebSocket connection to the vulnerable OpenClaw gateway
- Including an auth.token parameter with any arbitrary value in the handshake request
- Bypassing the device identity check since the code only verifies token presence, not validity
- Gaining unauthorized operator access to the gateway without completing legitimate device pairing
The vulnerability allows remote, unauthenticated attackers to establish connections that should require proper device identity verification and pairing protocols. Upon successful exploitation, attackers gain operator-level access, which could allow them to issue commands, access sensitive data, or further compromise connected systems.
Detection Methods for CVE-2026-28472
Indicators of Compromise
- Unusual WebSocket connection attempts to the gateway endpoint from unrecognized IP addresses
- Connection logs showing successful authentications with invalid or malformed token values
- Unexpected operator-level sessions without corresponding device pairing records
- Anomalous gateway activity patterns indicating unauthorized access
Detection Strategies
- Monitor WebSocket handshake logs for connections with suspicious or non-standard auth.token values
- Implement alerting for gateway connections that bypass normal device pairing workflows
- Review access logs for operator sessions that lack corresponding device identity records
- Deploy network monitoring to detect connection attempts from untrusted sources
Monitoring Recommendations
- Enable verbose logging on OpenClaw gateway WebSocket endpoints to capture authentication attempts
- Correlate gateway connection logs with device inventory to identify unauthorized access
- Implement real-time alerting for authentication anomalies in gateway handshake processes
How to Mitigate CVE-2026-28472
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.2 or later immediately
- Review gateway access logs for signs of exploitation prior to patching
- Restrict network access to OpenClaw gateway endpoints using firewall rules
- Audit existing operator sessions and revoke any unauthorized access
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.2. The fix ensures that auth.token values are properly validated rather than merely checked for presence. Detailed information about the patch is available in the GitHub Commit Update. Additional context can be found in the GitHub Security Advisory and the VulnCheck Advisory.
Workarounds
- Implement network-level access controls to restrict gateway WebSocket access to trusted IP ranges only
- Deploy a reverse proxy or API gateway with additional authentication validation in front of the OpenClaw gateway
- Temporarily disable remote gateway access until the patch can be applied
- Monitor and audit all gateway connections closely if immediate patching is not possible
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
