CVE-2026-28472: Authentication Bypass in OpenClaw Gateway
Platform: nodejs
Component: openclaw
Fixed version: 2026.2.2
CVE-2026-28472 describes an authentication bypass vulnerability in the OpenClaw gateway WebSocket connection handler. This flaw allows attackers to bypass device identity checks, potentially enabling unauthorized connections and access to protected resources. The vulnerability affects versions prior to 2026.2.2 and has been fixed in that release. Promptly upgrading is recommended to mitigate this critical risk.
Impact and attack scenarios
The impact of CVE-2026-28472 is severe. An attacker can exploit this vulnerability to connect to the OpenClaw gateway without providing valid device authentication credentials. This unauthorized access could lead to a range of malicious activities, including data exfiltration, command execution within the gateway environment, and lateral movement to other systems connected to the gateway. The ability to bypass authentication effectively grants an attacker a foothold within the protected network, potentially compromising the entire system. This bypass is achieved by exploiting a flaw in the connect handshake where the presence of an auth.token is checked before validation of the shared secret, allowing a malicious client to masquerade as a legitimate device.
Exploitation context
CVE-2026-28472 was published on 2026-02-17. Its severity is rated CRITICAL (9.8). There is currently no indication of this vulnerability being actively exploited in the wild, nor is it listed on KEV or EPSS. Public proof-of-concept (POC) code is not yet available, but the vulnerability's ease of exploitation suggests it could become a target for opportunistic attackers.
Threat intelligence
Exploitation status
EPSS
0.05% (17th percentile)
CISA SSVC
CVSS vector
What do these metrics mean?
- Attack Vector: Network. Remotely exploitable over the internet with no physical or local access required; the largest possible attack surface.
- Attack Complexity: Low. No special conditions are required and the vulnerability can be exploited reliably.
- Privileges Required: None. No authentication or credentials are needed to exploit it.
- User Interaction: None. The attack is automatic and silent; the victim does not need to do anything.
- Scope: Unchanged. The impact is confined to the vulnerable component itself.
- Confidentiality: High. Complete loss of confidentiality; the attacker can read all data.
- Integrity: High. The attacker can write, modify or delete any data.
- Availability: High. Complete crash or resource exhaustion; total denial of service.
Weakness classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigations and workarounds
The primary mitigation for CVE-2026-28472 is to upgrade OpenClaw to version 2026.2.2 or later. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing temporary workarounds. While no direct WAF rules can prevent this, strict network segmentation limiting access to the gateway WebSocket endpoint can reduce the attack surface. Carefully review and restrict access to the gateway based on IP address or other network-based controls. After upgrading, verify the fix by attempting a WebSocket connection without providing a valid shared secret; the connection should be rejected.
Remediation
Upgrade OpenClaw to version 2026.2.2 or later. This release fixes the vulnerability that allows device identity verification to be bypassed during the gateway's WebSocket connection handshake.
Frequently asked questions
What is CVE-2026-28472 — Authentication Bypass in OpenClaw Gateway?
CVE-2026-28472 is a CRITICAL vulnerability in OpenClaw gateways that allows attackers to bypass device identity checks during WebSocket connections, potentially gaining unauthorized access.
Am I affected by CVE-2026-28472 in OpenClaw Gateway?
If you are running OpenClaw versions prior to 2026.2.2 and expose your gateway WebSocket to untrusted networks, you are likely affected by this vulnerability.
How do I fix CVE-2026-28472 in OpenClaw Gateway?
Upgrade OpenClaw to version 2026.2.2 or later to remediate the vulnerability. If immediate upgrade is not possible, implement network segmentation and access restrictions as temporary workarounds.
Is CVE-2026-28472 being actively exploited?
Currently, there is no public evidence of CVE-2026-28472 being actively exploited, but its ease of exploitation suggests it could become a target.
Where can I find the official OpenClaw advisory for CVE-2026-28472?
Refer to the official OpenClaw security advisory for detailed information and updates regarding CVE-2026-28472: [https://www.openclaw.com/security/advisories](https://www.openclaw.com/security/advisories)