OpenClaw Authentication Bypass Vulnerability Allowing Unauthorized WebSocket Node Role Injection
Vulnerability
An authentication bypass vulnerability has been identified in OpenClaw versions prior to 2026.2.22. It allows clients authenticated with a shared gateway token to connect as 'role=node' without the gateway verifying device identity. The bypass occurs during the WebSocket handshake, where the missing device-pairing check lets such a client inject 'node.event' calls that trigger 'agent.request' and 'voice.transcript' flows.
Impact
Exploitation of this vulnerability allows unauthorized injection of 'node.event' calls into agent-triggered flows, bypassing necessary device pairing and authentication requirements.
Reproduction
To reproduce this vulnerability, connect to the OpenClaw WebSocket server using a shared gateway token. During the handshake, claim the 'node' role while omitting device identity. Once connected, inject 'node.event' calls, which will trigger 'agent.request' and 'voice.transcript' flows without proper device pairing.
Remediation
Users should upgrade to OpenClaw version 2026.2.22 or later, once available. The patched version requires device identity for 'role=node' WebSocket connections, even when shared-token authentication is successful.