HIGH🇵🇱 Wersja polska

CVE-2026-3690

CVSS 7.4v3.0pub. 2026-04-11upd. 2026-04-27

OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311.

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Openclaw

    APP
    Openclaw
    < 2026.2.19
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-43585CRITICAL9.2PL ✓ten sam produkt

OpenClaw: ominięcie uwierzytelniania przez nieodświeżane tokeny bearer po rotacji SecretRef

CVE-2026-43575CRITICAL9.2PL ✓ten sam produkt

OpenClaw: Authentication Bypass w trasie pomocniczej sandbox noVNC

CVE-2026-43578CRITICAL9.1PL ✓ten sam produkt

OpenClaw: privilege escalation przez pominięcie zdarzeń async exec w heartbeat

CVE-2026-43581CRITICAL9.0PL ✓ten sam produkt

OpenClaw: ekspozycja Chrome DevTools Protocol poza sandbox

CVE-2026-44109CRITICAL9.2PL ✓ten sam produkt

OpenClaw — Auth Bypass w walidacji Feishu webhook umożliwia RCE