Gratis scannen
CRITICALCVE-2026-28472CVSS 9.8

CVE-2026-28472: Authentication Bypass in OpenClaw Gateway

Platform

nodejs

Component

openclaw

Opgelost in

2026.2.2

Bekijk op NVD
Opslaan
Wordt vertaald naar uw taal…

CVE-2026-28472 describes an authentication bypass vulnerability in the OpenClaw gateway WebSocket connection handler. This flaw allows attackers to bypass device identity checks, potentially enabling unauthorized connections and access to protected resources. The vulnerability affects versions prior to 2026.2.2 and has been fixed in that release. Promptly upgrading is recommended to mitigate this critical risk.

Impact en Aanvalsscenarioswordt vertaald…

The impact of CVE-2026-28472 is severe. An attacker can exploit this vulnerability to connect to the OpenClaw gateway without providing valid device authentication credentials. This unauthorized access could lead to a range of malicious activities, including data exfiltration, command execution within the gateway environment, and lateral movement to other systems connected to the gateway. The ability to bypass authentication effectively grants an attacker a foothold within the protected network, potentially compromising the entire system. This bypass is achieved by exploiting a flaw in the connect handshake where the presence of an auth.token is checked before validation of the shared secret, allowing a malicious client to masquerade as a legitimate device.

Uitbuitingscontextwordt vertaald…

CVE-2026-28472 was published on 2026-02-17. Its severity is rated CRITICAL (9.8). There is currently no indication of this vulnerability being actively exploited in the wild, nor is it listed on KEV or EPSS. Public proof-of-concept (POC) code is not yet available, but the vulnerability's ease of exploitation suggests it could become a target for opportunistic attackers.

Dreigingsinformatie

Exploit Status

Proof of ConceptOnbekend
CISA KEVNO
InternetblootstellingHoog
Rapporten2 dreigingsrapporten

EPSS

0.05% (17% percentiel)

CISA SSVC

Exploitatienone
Automatiseerbaarno
Technische Impacttotal

CVSS-vector

DREIGINGSINFORMATIE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H9.8CRITICALAttack VectorNetworkHoe de aanvaller het doel bereiktAttack ComplexityLowVereiste omstandigheden om te exploiterenPrivileges RequiredNoneVereist authenticatieniveau voor aanvalUser InteractionNoneOf het slachtoffer actie moet ondernemenScopeUnchangedImpact buiten het getroffen onderdeelConfidentialityHighRisico op blootstelling van gevoelige dataIntegrityHighRisico op ongeautoriseerde gegevenswijzigingAvailabilityHighRisico op verstoring van dienstennextguardhq.com · CVSS v3.1 Basisscore
Wat betekenen deze metrics?
Attack Vector
Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
Attack Complexity
Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
Privileges Required
Geen — geen authenticatie vereist om te exploiteren.
User Interaction
Geen — automatische en stille aanval. Slachtoffer doet niets.
Scope
Ongewijzigd — impact beperkt tot het kwetsbare component.
Confidentiality
Hoog — volledig verlies van vertrouwelijkheid. Aanvaller kan alle gegevens lezen.
Integrity
Hoog — aanvaller kan alle gegevens schrijven, aanpassen of verwijderen.
Availability
Hoog — volledige crash of uitputting van resources. Totale denial of service.

Zwakheidsclassificatie (CWE)

CWE-306

Tijdlijn

  1. Gereserveerd
  2. Gepubliceerd
  3. Gewijzigd
  4. EPSS bijgewerkt

Mitigatie en Workaroundswordt vertaald…

The primary mitigation for CVE-2026-28472 is to upgrade OpenClaw to version 2026.2.2 or later. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing temporary workarounds. While no direct WAF rules can prevent this, strict network segmentation limiting access to the gateway WebSocket endpoint can reduce the attack surface. Carefully review and restrict access to the gateway based on IP address or other network-based controls. After upgrading, verify the fix by attempting a WebSocket connection without providing a valid shared secret; the connection should be rejected.

Hoe te verhelpenwordt vertaald…

Actualice OpenClaw a la versión 2026.2.2 o posterior. Esta versión corrige la vulnerabilidad que permite omitir la verificación de la identidad del dispositivo durante el handshake de conexión WebSocket del gateway.

Veelgestelde vragenwordt vertaald…

What is CVE-2026-28472 — Authentication Bypass in OpenClaw Gateway?

CVE-2026-28472 is a CRITICAL vulnerability in OpenClaw gateways that allows attackers to bypass device identity checks during WebSocket connections, potentially gaining unauthorized access.

Am I affected by CVE-2026-28472 in OpenClaw Gateway?

If you are running OpenClaw versions prior to 2026.2.2 and expose your gateway WebSocket to untrusted networks, you are likely affected by this vulnerability.

How do I fix CVE-2026-28472 in OpenClaw Gateway?

Upgrade OpenClaw to version 2026.2.2 or later to remediate the vulnerability. If immediate upgrade is not possible, implement network segmentation and access restrictions as temporary workarounds.

Is CVE-2026-28472 being actively exploited?

Currently, there is no public evidence of CVE-2026-28472 being actively exploited, but its ease of exploitation suggests it could become a target.

Where can I find the official OpenClaw advisory for CVE-2026-28472?

Refer to the official OpenClaw security advisory for detailed information and updates regarding CVE-2026-28472: [https://www.openclaw.com/security/advisories](https://www.openclaw.com/security/advisories)

Is jouw project getroffen?

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannenCVEs zoeken
livefree scan

Probeer het nu — geen account

Upload elk manifest (composer.lock, package-lock.json, WordPress-pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mailmeldingen, meerdere projecten en white-label rapporten.

Manual scanSlack/email alertsContinue monitoringWhite-label reports

Sleep uw afhankelijkheidsbestand hierheen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...