CVE-2026-28472: Authentication Bypass in OpenClaw Gateway
Platform: nodejs
Component: openclaw
Fixed in: 2026.2.2
CVE-2026-28472 describes an authentication bypass vulnerability in the OpenClaw gateway WebSocket connection handler. This flaw allows attackers to bypass device identity checks, potentially enabling unauthorized connections and access to protected resources. The vulnerability affects versions prior to 2026.2.2 and has been fixed in that release. Promptly upgrading is recommended to mitigate this critical risk.
Impact and Attack Scenarios
The impact of CVE-2026-28472 is severe. An attacker can exploit this vulnerability to connect to the OpenClaw gateway without providing valid device authentication credentials. This unauthorized access could lead to a range of malicious activities, including data exfiltration, command execution within the gateway environment, and lateral movement to other systems connected to the gateway. The ability to bypass authentication effectively grants an attacker a foothold within the protected network, potentially compromising the entire system. This bypass is achieved by exploiting a flaw in the connect handshake where the presence of an auth.token is checked before validation of the shared secret, allowing a malicious client to masquerade as a legitimate device.
Exploitation Context
CVE-2026-28472 was published on 2026-02-17. Its severity is rated CRITICAL (9.8). There is currently no indication of this vulnerability being actively exploited in the wild, nor is it listed on KEV or EPSS. Public proof-of-concept (POC) code is not yet available, but the vulnerability's ease of exploitation suggests it could become a target for opportunistic attackers.
Threat Intelligence
Exploit Status
EPSS: 0.05% (17th percentile)
CISA SSVC
CVSS Vector
What do these metrics mean?
- Attack Vector: Network. Exploitable remotely over the internet; no physical or local access required.
- Attack Complexity: Low. No special conditions; the attacker can exploit reliably.
- Privileges Required: None. No authentication is needed to exploit.
- User Interaction: None. The attack is automatic and silent; the victim does nothing.
- Scope: Unchanged. Impact is confined to the vulnerable component.
- Confidentiality: High. Total loss of confidentiality; the attacker can read all data.
- Integrity: High. The attacker can write, modify, or delete any data.
- Availability: High. Complete outage or resource exhaustion; total denial of service.
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2026-28472 is to upgrade OpenClaw to version 2026.2.2 or later. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing temporary workarounds. While no direct WAF rules can prevent this, strict network segmentation limiting access to the gateway WebSocket endpoint can reduce the attack surface. Carefully review and restrict access to the gateway based on IP address or other network-based controls. After upgrading, verify the fix by attempting a WebSocket connection without providing a valid shared secret; the connection should be rejected.
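The following is an added example and not OpenClaw's own code. It models in Node.js the bug class the advisory describes, a connect handler that only checks that an auth.token is present, beside a hardened handler that actually validates the presented token against the gateway's shared secret, and runs both over a set of constructed handshake frames so the post-upgrade check above (a connection without a valid shared secret must be rejected) has a concrete expected outcome. The frame shape { type, auth: { token } }, the function names, and the secret value are assumptions made for illustration; OpenClaw's real handshake format is not shown on this page.

```javascript
// Added example (not OpenClaw code): presence check vs. real validation of a
// connect-handshake token. Frame shape, names and the secret are assumptions.

// Constant-time string comparison so a wrong token cannot be refined byte by
// byte through timing differences. The length of the shared secret itself is
// not treated as secret, so an early return on a length mismatch is acceptable.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Vulnerable pattern: any client that merely *includes* a non-empty auth.token
// is admitted. The value is never compared to the shared secret.
function authorizeConnectVulnerable(frame) {
  if (frame.type !== "connect") return { ok: false, reason: "not a connect frame" };
  if (frame.auth && frame.auth.token) {
    return { ok: true }; // presence alone is treated as proof of device identity
  }
  return { ok: false, reason: "missing token" };
}

// Hardened pattern: the token must be a string and must equal the gateway's
// shared secret; everything else is rejected with a reason the gateway can log.
function authorizeConnectFixed(frame, sharedSecret) {
  if (frame.type !== "connect") return { ok: false, reason: "not a connect frame" };
  const token = frame.auth && typeof frame.auth.token === "string" ? frame.auth.token : null;
  if (token === null) return { ok: false, reason: "missing token" };
  if (!constantTimeEqual(token, sharedSecret)) return { ok: false, reason: "invalid token" };
  return { ok: true };
}

// Constructed shared secret and handshake frames covering the cases a
// post-upgrade verification should exercise.
const SHARED_SECRET = "example-shared-secret-do-not-use"; // constructed value
const FRAMES = {
  noAuth:      { type: "connect" },
  emptyToken:  { type: "connect", auth: { token: "" } },
  bogusToken:  { type: "connect", auth: { token: "anything" } },
  wrongLength: { type: "connect", auth: { token: "example-shared-secret-do-not-us" } },
  validToken:  { type: "connect", auth: { token: SHARED_SECRET } },
  notConnect:  { type: "ping", auth: { token: SHARED_SECRET } },
};

// Runs every constructed frame through an authorizer and reports which ones it admits.
function admittedBy(authorize) {
  const result = {};
  for (const [name, frame] of Object.entries(FRAMES)) {
    result[name] = authorize(frame, SHARED_SECRET).ok;
  }
  return result;
}

console.log("vulnerable authorizer admits:", admittedBy(authorizeConnectVulnerable));
console.log("fixed authorizer admits:     ", admittedBy(authorizeConnectFixed));
```

Run with node: the vulnerable authorizer admits bogusToken as well as validToken, while the fixed one admits only validToken. The same six frames are the cases worth sending against a staging gateway after upgrading; any acceptance other than the valid-token case means the fix is not in place, and the reason strings returned by the hardened handler are what a detection rule should expect to see logged for rejected handshakes.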
How to fix
Upgrade OpenClaw to version 2026.2.2 or later. This release fixes the vulnerability that allows the device identity check to be bypassed during the gateway's WebSocket connect handshake.
Frequently Asked Questions
What is CVE-2026-28472 — Authentication Bypass in OpenClaw Gateway?
CVE-2026-28472 is a CRITICAL vulnerability in OpenClaw gateways that allows attackers to bypass device identity checks during WebSocket connections, potentially gaining unauthorized access.
Am I affected by CVE-2026-28472 in OpenClaw Gateway?
If you are running OpenClaw versions prior to 2026.2.2 and expose your gateway WebSocket to untrusted networks, you are likely affected by this vulnerability.
How do I fix CVE-2026-28472 in OpenClaw Gateway?
Upgrade OpenClaw to version 2026.2.2 or later to remediate the vulnerability. If immediate upgrade is not possible, implement network segmentation and access restrictions as temporary workarounds.
Is CVE-2026-28472 being actively exploited?
Currently, there is no public evidence of CVE-2026-28472 being actively exploited, but its ease of exploitation suggests it could become a target.
Where can I find the official OpenClaw advisory for CVE-2026-28472?
Refer to the official OpenClaw security advisory for detailed information and updates regarding CVE-2026-28472: [https://www.openclaw.com/security/advisories](https://www.openclaw.com/security/advisories)