Improper Restriction of Excessive Authentication Attempts in OpenClaw - CVE-2026-32025

Published: May 1, 2026


Vulnerability identifier: #VU128771
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-32025
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote attacker to establish an authenticated operator WebSocket session.

The vulnerability exists due to insufficient restriction of repeated password attempts in the WebSocket authentication flow when a browser-origin client connects to the loopback gateway and performs password authentication. A remote attacker can trick the victim into opening attacker-controlled web content that connects to the gateway and brute-forces the gateway password, establishing an authenticated operator WebSocket session.

Exploitation requires the gateway to be reachable on loopback, password authentication mode to be enabled, and the password to be guessable within feasible brute-force or dictionary attempts.


How to mitigate CVE-2026-32025

Install the security update from the vendor's website.

Sources