CVE-2026-45002 Overview
CVE-2026-45002 is an authorization bypass vulnerability in OpenClaw before version 2026.4.20. The flaw allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction through templated hook mappings. By rendering externally influenced session keys via template expressions, attackers can bypass webhook routing isolation controls intended to keep session contexts segregated. The issue is classified under CWE-863: Incorrect Authorization and affects the OpenClaw gateway component on Node.js.
Critical Impact
Network-reachable attackers can bypass session-key gating in OpenClaw hook routing, undermining webhook isolation boundaries and enabling cross-session interactions that the configuration was designed to prevent.
Affected Products
- OpenClaw (npm package openclaw) versions prior to 2026.4.20
- OpenClaw gateway hook mapping component (src/gateway/hooks-mapping.ts)
- Node.js deployments using hooks.allowRequestSessionKey opt-in controls
Discovery Timeline
- 2026-05-11 - CVE-2026-45002 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-45002
Vulnerability Analysis
The vulnerability resides in OpenClaw's gateway hook resolution pipeline. OpenClaw exposes a configuration flag, hooks.allowRequestSessionKey, that gates whether incoming requests can influence the session key used for webhook routing. When the flag is disabled, the system should reject request-supplied session keys to preserve isolation between tenants and contexts.
The gating logic only inspects literal mapping values. It does not evaluate template expressions that render externally influenced data at resolution time. Attackers can therefore embed templated placeholders in hook mappings that expand to attacker-controlled session keys, bypassing the opt-in restriction without triggering the existing check.
Successful exploitation breaks webhook routing isolation: an attacker can direct hook delivery into session contexts they should not be able to address. The CVSS 4.0 vector indicates network attack reach with no privileges required and limited integrity impact; the underlying weakness is classified as CWE-863.
Root Cause
The root cause is incomplete authorization enforcement. The allowRequestSessionKey policy check occurred before template rendering, allowing template-resolved values to skip the gate. The patch introduces a hasHookTemplateExpressions helper to detect templated mappings and enforce the gate against the rendered output.
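The gate pattern described above, shown as an added TypeScript example. This is illustrative code written for this page, not OpenClaw's source: the HookMapping, HookRequest and HookPolicy types, the resolveSessionKeyWeak and resolveSessionKeyHardened functions, the x-session-key header and the small {{ body.x }} / {{ headers.y }} renderer are all assumptions. The weak resolver gates only a literal request-supplied key and renders the mapping afterwards, so a templated mapping still pulls request data into the session key with the flag off; the hardened resolver treats any templated mapping as request-influenced and applies the allowRequestSessionKey gate before rendering.

```typescript
// Added illustration of the gate described in the advisory; not OpenClaw's code.
// HookMapping, HookRequest, HookPolicy, resolveSessionKeyWeak and
// resolveSessionKeyHardened are hypothetical names chosen for this example.

interface HookMapping {
  // Either a literal session key ("tenant-a") or a template ("{{ body.tenant }}").
  sessionKey?: string;
}

interface HookRequest {
  headers: Record<string, string | undefined>;
  body: Record<string, string | undefined>;
}

interface HookPolicy {
  // Mirrors the hooks.allowRequestSessionKey opt-in flag from the advisory.
  allowRequestSessionKey: boolean;
}

const TEMPLATE_RE = /\{\{[\s\S]*?\}\}/;

// Detects whether a mapping value contains any {{ ... }} placeholder.
function hasTemplateExpression(value: string | undefined): boolean {
  return value !== undefined && TEMPLATE_RE.test(value);
}

// Tiny renderer: "{{ body.x }}" -> req.body.x, "{{ headers.y }}" -> req.headers.y.
function renderTemplate(value: string, req: HookRequest): string {
  return value.replace(
    /\{\{\s*(body|headers)\.([\w-]+)\s*\}\}/g,
    (_m: string, scope: string, key: string) =>
      (scope === "body" ? req.body[key] : req.headers[key]) ?? "",
  );
}

// Weak gate (the pattern the advisory describes): only a request-supplied
// literal key is checked. A templated mapping is rendered after the gate, so
// request data still ends up in the session key when the flag is false.
function resolveSessionKeyWeak(mapping: HookMapping, req: HookRequest, policy: HookPolicy): string {
  const requested = req.headers["x-session-key"];
  if (!policy.allowRequestSessionKey && requested !== undefined) {
    throw new Error("request-supplied session key rejected");
  }
  const source = requested ?? mapping.sessionKey ?? "default";
  return renderTemplate(source, req);
}

// Hardened gate: a templated mapping is treated as request-influenced, so
// with the flag off it is rejected before any rendering happens.
function resolveSessionKeyHardened(mapping: HookMapping, req: HookRequest, policy: HookPolicy): string {
  const requested = req.headers["x-session-key"];
  const requestInfluenced = requested !== undefined || hasTemplateExpression(mapping.sessionKey);
  if (!policy.allowRequestSessionKey && requestInfluenced) {
    throw new Error("request-influenced session key rejected");
  }
  const source = requested ?? mapping.sessionKey ?? "default";
  return renderTemplate(source, req);
}
```

The hardened variant deliberately classifies the mapping before rendering rather than inspecting the rendered string, because a rendered value carries no trace of where it came from; the decision has to be made on the template itself.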
Attack Vector
An unauthenticated remote attacker submits a request that targets a hook mapping containing template expressions referencing request-controlled fields. When the gateway renders the mapping, the session key is derived from attacker-supplied input, bypassing hooks.allowRequestSessionKey=false and redirecting webhook routing.
// Security patch in src/gateway/hooks.ts
normalizeOptionalString,
} from "../shared/string-coerce.js";
import { normalizeMessageChannel } from "../utils/message-channel-core.js";
-import { type HookMappingResolved, resolveHookMappings } from "./hooks-mapping.js";
+import {
+ hasHookTemplateExpressions,
+ type HookMappingResolved,
+ resolveHookMappings,
+} from "./hooks-mapping.js";
import { resolveAllowedAgentIds } from "./hooks-policy.js";
import type { HookMessageChannel } from "./hooks.types.js";
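Review bot: this hunk only changes the import list; the call site where hasHookTemplateExpressions is applied to a mapping and the allowRequestSessionKey gate is enforced against the rendered session key is not among the shown lines, so the enforcement cannot be verified from this excerpt. Include the hunk from the resolution path that calls hasHookTemplateExpressions, and add a regression test for a templated sessionKey mapping under allowRequestSessionKey=false.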
Source: OpenClaw commit 5275d008. The patch imports hasHookTemplateExpressions so the gateway can detect templated mappings and enforce the allowRequestSessionKey gate against template-rendered session keys, not just literal values.
Detection Methods for CVE-2026-45002
Indicators of Compromise
- Hook mapping configurations containing template expressions ({{ ... }}) that reference request-derived fields used in session key positions.
- Webhook delivery logs showing session keys that do not match any authenticated session context for the originating tenant.
- Unexpected cross-session hook invocations correlated with externally originated HTTP requests to the OpenClaw gateway.
Detection Strategies
- Audit deployed hooks configuration files for templated session-key fields and compare against the allowRequestSessionKey setting.
- Inspect OpenClaw gateway logs for resolved hook mappings where the rendered session key differs from the static configured value.
- Run a software composition analysis tool against the openclaw npm package (identifier openclaw:openclaw) to flag installed versions below 2026.4.20.
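The first detection strategy above (auditing deployed hooks configuration for templated session-key fields against the allowRequestSessionKey setting), as an added TypeScript example that is not part of OpenClaw. The configuration shape (hooks.allowRequestSessionKey plus a hooks.mappings array with name and sessionKey fields), the request-derived scope names body, headers, query and params, and the finding format are assumptions; the sample configuration is constructed for the example.

```typescript
// Added audit helper, not part of OpenClaw. The config shape and the
// request-derived scope names are assumptions made for this example.

interface AuditHookMapping {
  name: string;
  sessionKey?: string;
}

interface AuditHooksConfig {
  hooks: {
    allowRequestSessionKey?: boolean;
    mappings: AuditHookMapping[];
  };
}

interface Finding {
  mapping: string;
  severity: "high" | "info";
  reason: string;
}

// Returns every {{ ... }} placeholder found in a mapping value.
function templatePlaceholders(value: string | undefined): string[] {
  if (value === undefined) return [];
  return value.match(/\{\{[\s\S]*?\}\}/g) ?? [];
}

// Flags mappings whose session key is rendered from request-derived data.
// With allowRequestSessionKey=false these are exactly the mappings that the
// pre-2026.4.20 gate did not inspect, so they are reported as high severity.
function auditHooksConfig(config: AuditHooksConfig): Finding[] {
  const allow = config.hooks.allowRequestSessionKey ?? false;
  const findings: Finding[] = [];
  for (const m of config.hooks.mappings) {
    const placeholders = templatePlaceholders(m.sessionKey);
    if (placeholders.length === 0) continue;
    // Only placeholders reading request scopes can carry an external session key.
    const requestDerived = placeholders.filter((p) => /\b(body|headers|query|params)\./.test(p));
    if (requestDerived.length === 0) {
      findings.push({
        mapping: m.name,
        severity: "info",
        reason: `templated session key without request fields: ${placeholders.join(" ")}`,
      });
      continue;
    }
    findings.push({
      mapping: m.name,
      severity: allow ? "info" : "high",
      reason: allow
        ? `request-derived session key permitted by allowRequestSessionKey=true: ${requestDerived.join(" ")}`
        : `request-derived session key while allowRequestSessionKey=false: ${requestDerived.join(" ")}`,
    });
  }
  return findings;
}

// Constructed sample configuration for the example (not a real deployment).
const SAMPLE_CONFIG: AuditHooksConfig = {
  hooks: {
    allowRequestSessionKey: false,
    mappings: [
      { name: "ci-status", sessionKey: "ci-main" },
      { name: "ticket-sync", sessionKey: "{{ body.tenant }}" },
      { name: "nightly", sessionKey: "{{ env.REGION }}-nightly" },
      { name: "no-key" },
    ],
  },
};

const SAMPLE_FINDINGS = auditHooksConfig(SAMPLE_CONFIG);
```

To run this against a real deployment, parse the hooks configuration file with JSON.parse (or your YAML loader) and map it onto the AuditHooksConfig shape; any "high" finding is a mapping to remove or rewrite before the upgrade lands, and an "info" finding on a request-derived key is a reminder that the opt-in is in force and should be reviewed.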
Monitoring Recommendations
- Forward gateway access logs and hook resolution events to a centralized analytics platform for anomaly detection on session-key distributions.
- Alert on requests that supply parameters consumed by hook mapping templates from untrusted network sources.
- Track outbound webhook destinations and flag deliveries to unexpected session contexts or tenants.
How to Mitigate CVE-2026-45002
Immediate Actions Required
- Upgrade OpenClaw to version 2026.4.20 or later, which contains the fix in commit 5275d008ed33203dba3f98e969ad683a65c416c3.
- Inventory all hook mapping configurations and remove template expressions in session-key fields unless explicitly required.
- Confirm hooks.allowRequestSessionKey is set to false for deployments that do not require request-driven session routing.
Patch Information
The fix is published in the OpenClaw repository. See the GitHub commit details, the GitHub Security Advisory GHSA-2xcp-x87w-q377, and the VulnCheck advisory on OpenClaw. The patch wires hasHookTemplateExpressions into src/gateway/hooks.ts so the allowRequestSessionKey gate evaluates template-rendered output.
Workarounds
- Remove or restrict hook mappings that interpolate request-derived data into session-key fields.
- Place the OpenClaw gateway behind a reverse proxy that strips or normalizes request parameters referenced by hook templates.
- Apply network segmentation so the gateway is only reachable from trusted upstream services until the upgrade is deployed.
# Upgrade OpenClaw to the patched release
npm install openclaw@2026.4.20
# Verify the installed version
npm ls openclaw
This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.