OpenClaw Authentication Bypass Vulnerability in API Channels Route
Vulnerability
An authentication bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.2. The issue arises in the '/api/channels' route because the authentication layer and the route handler canonicalize request paths to different depths: the path classification used for authentication stops decoding before the route path handling does. Attackers can exploit this by sending deeply encoded slash variants, such as a multi-encoded '%2f', that the authentication check does not recognize as the protected path but that the router still resolves, bypassing authentication and reaching protected endpoints.
Impact
Exploitation of this vulnerability allows attackers to bypass authentication checks on the '/api/channels' route, potentially leading to unauthorized access to channel-related functionalities or data.
Reproduction
To reproduce this vulnerability, send a request to a protected '/api/channels' endpoint using a deeply encoded slash variant that exceeds the canonicalization depth limit of the authentication check. Multi-encoding the slash character in this way may allow the request to bypass the authentication check and reach the endpoint without proper authorization.
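The mismatch described above, modelled as an added example that is not OpenClaw's code: an authentication classifier that decodes once beside a hardened one that canonicalizes to a fixed point and fails closed, plus a detection hook for requests that needed more than one decode round. The protected prefix, the decode bound and the simulated router's behaviour are assumptions.

```python
from urllib.parse import unquote

# Constructed model of the bug class described above, not OpenClaw's code.
# Assumed: '/api/channels' is the protected prefix, and the router resolves
# percent-encoding more deeply than the authentication classifier does.
PROTECTED_PREFIXES = ("/api/channels",)
MAX_DECODE_ROUNDS = 8  # assumed bound; legitimate clients need one round

def decode_fixed_point(path, max_rounds=MAX_DECODE_ROUNDS):
    """Percent-decode until the string stops changing.
    Returns (decoded, rounds_applied, converged); converged is False when
    the bound was hit, i.e. the input is still not in canonical form."""
    current = path
    for rounds in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return current, rounds, True
        current = decoded
    return current, max_rounds, False

def shallow_is_protected(path):
    """Auth classifier that decodes only once: the depth-mismatch pattern."""
    return unquote(path).startswith(PROTECTED_PREFIXES)

def strict_is_protected(path):
    """Hardened classifier: canonicalize to a fixed point and fail closed."""
    canonical, _, converged = decode_fixed_point(path)
    if not converged or "%" in canonical:
        return True  # could not canonicalize: treat as protected
    return canonical.startswith(PROTECTED_PREFIXES)

def dispatch(path, is_protected):
    """Auth classification followed by route matching. The router resolves
    the path fully, so a classifier that stops early lets a protected
    route be reached without its check."""
    routed_path, _, _ = decode_fixed_point(path)
    reaches_protected = routed_path.startswith(PROTECTED_PREFIXES)
    if reaches_protected and not is_protected(path):
        return "BYPASS"
    return "AUTH_CHECKED" if reaches_protected else "NOT_ROUTED"

def needs_review(path):
    """Detection hook: flag requests that needed more than one decode round."""
    _, rounds, converged = decode_fixed_point(path)
    return rounds > 1 or not converged
```

The fix the advisory implies is that both layers share one canonicalizer; `needs_review` gives a cheap log-side signal for requests that arrive multi-encoded, which ordinary clients do not send.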
Remediation
Users can upgrade to OpenClaw version 2026.3.2 or later to address this vulnerability.