Platform: nodejs
Component: openclaw
Fixed in: 2026.2.15, 2026.2.14
CVE-2026-26322 describes a vulnerability in the OpenClaw tool where the gatewayUrl parameter is not sufficiently restricted. This allows a malicious actor to dictate the target of outbound WebSocket connections initiated by the OpenClaw host. The vulnerability affects versions of OpenClaw up to 2026.2.13, and a patch is planned for version 2026.2.14.
The primary impact of CVE-2026-26322 is the potential for unauthorized outbound network connections. An attacker who can influence the gatewayUrl parameter can redirect OpenClaw's WebSocket connections to malicious servers, potentially exfiltrating sensitive data or establishing a command-and-control channel. This could lead to data breaches, system compromise, and further malicious activity. The ability to control outbound connections bypasses typical network segmentation and security controls, significantly expanding the attack surface.
CVE-2026-26322 was publicly disclosed on 2026-02-17. There is no indication of active exploitation or KEV listing at the time of writing. Public proof-of-concept code is not currently available, but the vulnerability's nature suggests a relatively low barrier to exploitation once a suitable attack vector is identified.
Development teams using OpenClaw in their workflows are at risk, particularly those relying on automated build processes or third-party tools that can influence the gatewayUrl parameter. Shared hosting environments where multiple users have access to OpenClaw configurations are also vulnerable.
• nodejs: Check the installed openclaw version and run npm audit for the advisory (npm audit takes no package argument, so the version check is a separate command).
  npm ls openclaw
  npm audit
• nodejs: Monitor running openclaw processes for unusual network activity using lsof or netstat. The -a flag ANDs the -i and -p selectors (without it lsof lists every socket on the host OR every file of the process), and pgrep -d, joins multiple PIDs with commas as -p expects.
  lsof -a -i -p "$(pgrep -d, openclaw)"
• generic web: Examine access logs for requests containing suspicious gatewayUrl parameters.
• generic web: Monitor outbound network traffic for unexpected WebSocket connections originating from OpenClaw processes.
Exploit status: disclosure
EPSS: 0.02% (4th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-26322 is to upgrade to OpenClaw version 2026.2.14 or later, which addresses the insufficient input validation. If upgrading is not immediately feasible, consider implementing strict network egress filtering rules to block outbound WebSocket connections to untrusted destinations. Monitor network traffic for unusual WebSocket connections originating from OpenClaw processes. Review and restrict access to tools that accept and process the gatewayUrl parameter, limiting it to trusted operators and automation.
Upgrade OpenClaw to version 2026.2.14 or later. That version restricts tool-supplied `gatewayUrl` values to loopback or the configured `gateway.remote.url`, rejecting disallowed protocols, embedded credentials, query/hash components, and non-root paths.
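The allow-list behaviour described above, and the access-log check from the detection list, as an added example in Node.js. This is illustrative code written for this page, not OpenClaw's own implementation: the function names, the `configuredRemoteUrl` argument standing in for `gateway.remote.url`, and the sample log lines are all assumptions or constructed data.

```javascript
// Added example (not OpenClaw's code): validate a tool-supplied gatewayUrl the
// way the advisory describes the fix (loopback or the configured remote only; no
// disallowed protocols, credentials, query/hash, or non-root paths), then apply
// the same check to access-log lines to find suspicious requests.

const ALLOWED_PROTOCOLS = new Set(["ws:", "wss:"]);

// Loopback hostnames as the WHATWG URL parser reports them (IPv6 keeps brackets).
function isLoopbackHost(hostname) {
  return (
    hostname === "localhost" ||
    hostname === "[::1]" ||
    /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(hostname)
  );
}

// Returns { ok: true, url } for an acceptable gatewayUrl, else { ok: false, reason }.
// configuredRemoteUrl is an assumed stand-in for the operator-set gateway.remote.url;
// pass null when no remote gateway is configured, so only loopback is accepted.
function validateGatewayUrl(candidate, configuredRemoteUrl = null) {
  if (typeof candidate !== "string") return { ok: false, reason: "not a string" };
  // Check the raw string: a bare "?" or "#" is normalized away by the parser
  // (url.search / url.hash become ""), so it would otherwise slip through.
  if (candidate.includes("?") || candidate.includes("#")) {
    return { ok: false, reason: "query or hash not allowed" };
  }
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: `protocol ${url.protocol} not allowed` };
  }
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "embedded credentials not allowed" };
  }
  if (url.pathname !== "/") {
    return { ok: false, reason: "only the root path is allowed" };
  }
  if (isLoopbackHost(url.hostname)) return { ok: true, url };
  if (configuredRemoteUrl !== null) {
    let remote;
    try {
      remote = new URL(configuredRemoteUrl);
    } catch {
      return { ok: false, reason: "configured remote URL is invalid" };
    }
    // Same scheme and same host:port. The parser drops default ports, so
    // "wss://gw.example:443" and "wss://gw.example" compare equal.
    if (url.protocol === remote.protocol && url.host === remote.host) {
      return { ok: true, url };
    }
  }
  return { ok: false, reason: `host ${url.host} is neither loopback nor the configured remote` };
}

// Extracts the gatewayUrl query parameter from combined-format access-log
// lines and reports each request whose value fails validation.
function findSuspiciousGatewayUrls(logLines, configuredRemoteUrl = null) {
  const findings = [];
  for (const line of logLines) {
    const m = /"(?:GET|POST) (\S+) HTTP\//.exec(line);
    if (!m) continue;
    // Resolve the request target against a dummy base so searchParams can decode it.
    const target = new URL(m[1], "http://placeholder.invalid");
    const value = target.searchParams.get("gatewayUrl");
    if (value === null) continue;
    const result = validateGatewayUrl(value, configuredRemoteUrl);
    if (!result.ok) {
      findings.push({ client: line.split(" ")[0], gatewayUrl: value, reason: result.reason });
    }
  }
  return findings;
}

// Constructed sample log lines for demonstration; not real traffic.
const SAMPLE_LOG = [
  '10.0.0.5 - - [17/Feb/2026:10:00:01 +0000] "GET /connect?gatewayUrl=ws%3A%2F%2F127.0.0.1%3A18789%2F HTTP/1.1" 200 12',
  '10.0.0.5 - - [17/Feb/2026:10:00:02 +0000] "GET /connect?gatewayUrl=wss%3A%2F%2Fgateway.example%2F HTTP/1.1" 200 12',
  '10.0.0.9 - - [17/Feb/2026:10:00:03 +0000] "GET /connect?gatewayUrl=wss%3A%2F%2Funtrusted.example%2F HTTP/1.1" 200 12',
  '10.0.0.9 - - [17/Feb/2026:10:00:04 +0000] "GET /connect?gatewayUrl=ws%3A%2F%2Fuser%3Apw%40127.0.0.1%2F HTTP/1.1" 200 12',
  '10.0.0.7 - - [17/Feb/2026:10:00:05 +0000] "GET /healthz HTTP/1.1" 200 2',
];

// Demo run: "wss://gateway.example" plays the role of the configured remote.
for (const hit of findSuspiciousGatewayUrls(SAMPLE_LOG, "wss://gateway.example")) {
  console.log(`${hit.client} sent gatewayUrl=${hit.gatewayUrl}: ${hit.reason}`);
}
```

The raw-string check for `?` and `#` runs before parsing on purpose: the WHATWG parser turns `ws://127.0.0.1/?` into a URL with an empty `search`, so a check on the parsed object alone would accept it. Comparing `protocol` plus `host` (rather than string equality on the whole URL) lets an operator configure the remote with or without its default port and still get an exact match.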
CVE-2026-26322 is a HIGH severity vulnerability in OpenClaw versions <= 2026.2.13 that allows attackers to control outbound WebSocket connections by manipulating the gatewayUrl parameter.
You are affected if you are using OpenClaw version 2026.2.13 or earlier. Check your installed version and upgrade as soon as possible.
Upgrade OpenClaw to version 2026.2.14 or later. As a temporary workaround, restrict outbound WebSocket connections to trusted destinations.
There is currently no evidence of active exploitation, but the vulnerability's nature makes it a potential target.
Refer to the OpenClaw project's official channels (e.g., GitHub repository, npm package page) for the latest advisory and security updates.