OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes

Description

Summary

When tokenless Tailscale auth is enabled, OpenClaw should only allow forwarded-header auth for Control UI websocket authentication on trusted hosts. In affected versions, that tokenless path could also be used by HTTP gateway auth call sites, which could bypass token/password requirements for HTTP routes in trusted-network deployments.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected range: <= 2026.2.19-2 (latest published npm version as of February 21, 2026)
  • Patched in: planned 2026.2.21 release

Impact

Deployments relying on token/password for HTTP gateway routes could be downgraded to tokenless behavior when Tailscale header auth is enabled. This weakens expected HTTP route authentication boundaries even in trusted-host network setups.

Per SECURITY.md, this does not affect the recommended setup: keep the Gateway loopback-only (or otherwise within a trusted host/network boundary), use Tailscale serve/funnel for remote access, and keep tokenless Tailscale auth scoped to Control UI websocket login.

Fix

  • Added an explicit auth-surface gate (allowTailscaleHeaderAuth, default false) in gateway auth.
  • Enabled tokenless Tailscale header auth only for Control UI websocket authentication.
  • Kept HTTP gateway auth call sites on token/password auth paths.
  • Added regression coverage for HTTP-vs-websocket behavior and Tailscale header handling.
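
The surface gate described in the list above, as an added JavaScript example (not OpenClaw's source code). Only the option name allowTailscaleHeaderAuth comes from the advisory; the function names, request and config shapes, and the loopback trusted-proxy check are assumptions made for illustration.

```javascript
// Added illustration, not OpenClaw source. Only the option name
// allowTailscaleHeaderAuth is taken from the advisory; all else is assumed.
const TAILSCALE_LOGIN_HEADER = "tailscale-user-login"; // set by Tailscale Serve

// Assumption: the identity-injecting proxy connects from loopback.
function isTrustedProxy(remoteAddress) {
  return remoteAddress === "127.0.0.1" || remoteAddress === "::1";
}

// Comparison whose running time does not depend on where the strings differ.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  return diff === 0;
}

function authorizeGatewayRequest(req, config, opts = {}) {
  // Default-deny gate: header auth is off unless the call site opts in.
  const allowTailscaleHeaderAuth = opts.allowTailscaleHeaderAuth === true;
  if (typeof req.token === "string" && config.token && safeEqual(req.token, config.token)) {
    return { ok: true, method: "token" };
  }
  const login = req.headers[TAILSCALE_LOGIN_HEADER];
  if (allowTailscaleHeaderAuth && config.tailscaleAuthEnabled &&
      isTrustedProxy(req.remoteAddress) && typeof login === "string" && login !== "") {
    return { ok: true, method: "tailscale", user: login };
  }
  return { ok: false, method: "none" };
}

// HTTP routes never pass the flag, so they stay on token auth.
function authorizeHttpRoute(req, config) {
  return authorizeGatewayRequest(req, config);
}

// Only the Control UI websocket handshake opts in to header auth.
function authorizeControlUiWebsocket(req, config) {
  return authorizeGatewayRequest(req, config, { allowTailscaleHeaderAuth: true });
}

// Constructed sample: identity header arriving via the loopback proxy, no token.
const sampleConfig = { token: "constructed-sample-token", tailscaleAuthEnabled: true };
const tokenlessRequest = { headers: { "tailscale-user-login": "alice@example.com" }, remoteAddress: "127.0.0.1" };
console.log("HTTP route:", authorizeHttpRoute(tokenlessRequest, sampleConfig));
console.log("Control UI websocket:", authorizeControlUiWebsocket(tokenlessRequest, sampleConfig));
```

A regression test for this class of bug asserts the same pair of outcomes: the identical tokenless request is rejected on the HTTP surface and accepted only on the websocket surface.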

Fix Commit(s)

  • 356d61aacfa5b0f1d5830716ec59d70682a3e7b8

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.21), so once the npm release is published, this advisory can be published directly without further field edits.

OpenClaw thanks @zpbrent for reporting.

Basic information

  • Type: reviewed
  • Severity: medium
  • Published (advisory): 2026-03-03 18:43:04 UTC
  • Updated: 2026-03-24 18:06:06 UTC
  • GitHub reviewed: 2026-03-03 18:43:04 UTC

EPSS Score

  • Score: 0.08%
  • Percentile: 23.98%

CVSS Scores

  • Base score: 6.9
  • Version: 4.0
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

  • Attack vector (AV:N): Could be attacked over the internet or any normal routed network.
  • Attack complexity (AC:L): Exploitation conditions are straightforward and stable.
  • Attack requirements (AT:N): No additional preconditions are required beyond normal reachability.
  • Privileges required (PR:N): No privileges are required.
  • User interaction (UI:N): No user interaction is required.
  • Vulnerable system confidentiality impact (VC:N): No confidentiality impact on the vulnerable system.
  • Vulnerable system integrity impact (VI:L): Limited integrity impact on the vulnerable system.
  • Vulnerable system availability impact (VA:N): No availability impact on the vulnerable system.
  • Subsequent system confidentiality impact (SC:N): No confidentiality impact on subsequent systems.
  • Subsequent system integrity impact (SI:N): No integrity impact on subsequent systems.
  • Subsequent system availability impact (SA:N): No availability impact on subsequent systems.

Identifiers

CWEs

  • CWE-290: Authentication Bypass by Spoofing

Credits

  • zpbrent (reporter)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

  • Ecosystem: npm
  • Package: openclaw
  • Vulnerable range: < 2026.2.21
  • First patched: 2026.2.21
