#VU125189 Authentication Bypass by Spoofing in OpenClaw


Published: April 8, 2026


Vulnerability identifier: #VU125189
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-290
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: OpenClaw
Software vendor: OpenClaw

Description

The vulnerability allows a remote attacker to bypass authentication and rate limiting.

The vulnerability exists because client origin resolution for the canvas auth and auth-rate-limit paths can be spoofed: when trusted proxies are configured, the forwarding headers of a request that arrives through a trusted proxy are used to resolve the client origin, and loopback hops supplied in those headers are accepted. A remote attacker can send spoofed forwarding headers containing loopback hops to bypass authentication and rate limiting.

Exploitation requires gateway.trustedProxies to be configured.


Remediation

Install the security update from the vendor's website.

External links