OpenClaw Authentication Bypass Vulnerability in HTTP Gateway Routes via Tokenless Tailscale Auth
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.2.21, where tokenless Tailscale header authentication is incorrectly applied to HTTP gateway routes. This misconfiguration allows bypassing token and password requirements, enabling access to HTTP gateway routes without proper authentication credentials. The vulnerability can be exploited by attackers on trusted networks.
Impact
Exploitation of this vulnerability allows for authentication bypass on HTTP gateway routes, weakening access controls and potentially leading to unauthorized actions or data exposure.
Reproduction
To reproduce this vulnerability, deploy an OpenClaw version prior to 2026.2.21 and enable tokenless Tailscale authentication. Then access the HTTP gateway routes, which will not require the usual authentication tokens or passwords.
Remediation
Users can update to OpenClaw version 2026.2.21 or later, where this vulnerability has been patched.
