GHSA-RV39-79C4-7459

Vulnerability from github – Published: 2026-02-17 16:37 – Updated: 2026-02-17 16:37
Summary
OpenClaw's gateway connect could skip device identity checks when auth.token was present but not yet validated
Details

Summary

The gateway WebSocket connect handshake could allow skipping device identity checks when auth.token was present but not yet validated.

Details

In src/gateway/server/ws-connection/message-handler.ts, the device-identity requirement could be bypassed based on the presence of a non-empty connectParams.auth.token rather than a validated shared-secret authentication result.

Impact

In deployments where the gateway WebSocket is reachable and connections can be authorized via Tailscale without validating the shared secret, a client could connect without providing device identity/pairing. Depending on version and configuration, this could result in operator access.

Deployment Guidance

Per OpenClaw security guidance, the gateway should only be reachable from a trusted network and by trusted users (for example, restrict Tailnet users/ACLs when using Tailscale Serve).

If the gateway WebSocket is only reachable by trusted users, there is typically no untrusted party with network access to exploit this issue.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: <= 2026.2.1
  • Fixed: >= 2026.2.2

Fix

Device-identity skipping now requires validated shared-secret authentication (token/password). Tailscale-authenticated connections without a validated shared secret require device identity.
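As an added illustration (not OpenClaw's code), the following TypeScript models the decision described in the Details and Fix sections: the vulnerable gate keys on the mere presence of connectParams.auth.token, while the fixed gate keys on the validated shared-secret result, so a Tailscale-only authorization still has to present device identity. All types and function names are constructed for this example.

```typescript
// Hypothetical model of the connect-handshake decision; constructed for
// illustration, not taken from message-handler.ts.
type ConnectParams = {
  auth?: { token?: string; password?: string };
  device?: { id: string };
};

// Outcome of the connection's authentication step. "tailscale" means the
// connection was authorized by network identity only; no shared secret was
// checked. "none" means nothing authenticated the connection.
type AuthResult = { ok: boolean; method: "token" | "password" | "tailscale" | "none" };

// Vulnerable pattern (as the advisory describes it): a non-empty token string
// in connectParams.auth.token is enough to skip device identity, even though
// nothing has validated that token.
function requiresDeviceIdentityVulnerable(params: ConnectParams): boolean {
  const hasToken = typeof params.auth?.token === "string" && params.auth.token.length > 0;
  return !hasToken;
}

// Fixed pattern: skipping is tied to a *validated* shared-secret result
// (token or password). Any other authorization path keeps the requirement.
function requiresDeviceIdentityFixed(auth: AuthResult): boolean {
  const sharedSecretValidated =
    auth.ok && (auth.method === "token" || auth.method === "password");
  return !sharedSecretValidated;
}

// Handshake gate: the connect proceeds only if authentication succeeded and
// device identity is either not required or actually present.
function connectAllowed(params: ConnectParams, auth: AuthResult, fixed: boolean): boolean {
  const needDevice = fixed
    ? requiresDeviceIdentityFixed(auth)
    : requiresDeviceIdentityVulnerable(params);
  const hasDevice = typeof params.device?.id === "string" && params.device.id.length > 0;
  return auth.ok && (!needDevice || hasDevice);
}
```

With a constructed request carrying an unvalidated token and a Tailscale-only authorization, the vulnerable gate admits the connection without device identity and the fixed gate refuses it.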

Fix Commit(s)

  • fe81b1d7125a014b8280da461f34efbf5f761575

Thanks @simecek for reporting.


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-17T16:37:04Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nThe gateway WebSocket `connect` handshake could allow skipping device identity checks when `auth.token` was present but not yet validated.\n\n### Details\n\nIn `src/gateway/server/ws-connection/message-handler.ts`, the device-identity requirement could be bypassed based on the *presence* of a non-empty `connectParams.auth.token` rather than a *validated* shared-secret authentication result.\n\n### Impact\n\nIn deployments where the gateway WebSocket is reachable and connections can be authorized via Tailscale without validating the shared secret, a client could connect without providing device identity/pairing. Depending on version and configuration, this could result in operator access.\n\n### Deployment Guidance\n\nPer OpenClaw security guidance, the gateway should only be reachable from a trusted network and by trusted users (for example, restrict Tailnet users/ACLs when using Tailscale Serve).\n\nIf the gateway WebSocket is only reachable by trusted users, there is typically no untrusted party with network access to exploit this issue.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `\u003c= 2026.2.1`\n- Fixed: `\u003e= 2026.2.2`\n\n### Fix\n\nDevice-identity skipping now requires *validated* shared-secret authentication (token/password). Tailscale-authenticated connections without validated shared secret require device identity.\n\n### Fix Commit(s)\n\n- fe81b1d7125a014b8280da461f34efbf5f761575\n\nThanks @simecek for reporting.",
  "id": "GHSA-rv39-79c4-7459",
  "modified": "2026-02-17T16:37:04Z",
  "published": "2026-02-17T16:37:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rv39-79c4-7459"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/fe81b1d7125a014b8280da461f34efbf5f761575"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw\u0027s gateway connect could skip device identity checks when auth.token was present but not yet validated"
}