OpenClaw Gateway Plugin Path Traversal Vulnerability Allowing Authentication Bypass

Vulnerability

A path traversal vulnerability has been identified in OpenClaw gateway plugin versions prior to 2026.2.26. This vulnerability allows remote attackers to bypass authentication checks on protected plugin channel routes by manipulating the /api/channels paths with encoded dot-segment traversal sequences. When plugin handlers normalize the incoming paths, the encoded traversal patterns can be used to access routes that should be protected, effectively circumventing security controls.
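The mismatch described above arises when the authentication check sees one form of the path and the handler routes on another. The following is an added example, not OpenClaw's code or its fix: a guard that makes the authentication decision on the canonical path and rejects requests where the two forms disagree. All function names are hypothetical and the sample paths are constructed; only the /api/channels prefix comes from the advisory.

```javascript
// Added example, not OpenClaw code. Only the /api/channels prefix comes from the advisory.
const PROTECTED_PREFIX = "/api/channels";

// Percent-decode until stable (bounded) so double encoding such as %252e is exposed.
function fullyDecode(path, maxRounds = 5) {
  let current = path;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { return null; } // malformed escape
    if (next === current) return current;
    current = next;
  }
  return null; // still changing after maxRounds: refuse to guess
}

// Decode, then resolve "." and ".." segments; backslashes count as separators.
function canonicalize(rawPath) {
  const decoded = fullyDecode(rawPath);
  if (decoded === null) return null;
  const out = [];
  for (const seg of decoded.replace(/\\/g, "/").split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

function isProtected(path) {
  return path === PROTECTED_PREFIX || path.startsWith(PROTECTED_PREFIX + "/");
}

// Hypothetical guard: the auth decision uses the canonical path, and any request where
// the raw and canonical views disagree about protection is rejected outright.
function classify(rawPath) {
  const canonical = canonicalize(rawPath);
  if (canonical === null) return { action: "reject", canonical };
  if (isProtected(rawPath) !== isProtected(canonical)) return { action: "reject", canonical };
  return { action: isProtected(canonical) ? "require-auth" : "allow", canonical };
}

// Constructed sample paths, not taken from real traffic.
for (const p of ["/api/channels/demo", "/api/status", "/api/public/%2e%2e/channels/demo"]) {
  console.log(p, "->", classify(p).action);
}
```

The same `classify` function can be run over access-log paths to flag requests whose raw and canonical forms disagree.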

Impact

Exploitation of this vulnerability allows for authentication bypass on protected plugin channel routes, enabling unauthorized access to these routes via manipulated API path traversal.

Remediation

Users can upgrade to OpenClaw gateway plugin version 2026.2.26 or later to address this vulnerability.

Added: Mar 19, 2026, 10:29 PM
Updated: Mar 19, 2026, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 0.0
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.