OpenClaw Authentication Bypass Vulnerability via Spoofed X-Forwarded-For Headers

Vulnerability

An authentication bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.22. The flaw is in how the X-Forwarded-For header is resolved when trusted proxies are configured: affected versions accept a loopback address written into the forwarded chain as the client's origin, instead of deriving the client from the hop that the trusted proxy itself appended. A remote attacker who forges the header can therefore masquerade as a loopback client and bypass the authentication and rate-limiting protections that are relaxed for local connections.

Impact

Exploitation lets a remote attacker be treated as a loopback client. Any access control that is relaxed for local clients is bypassed, and rate limits keyed on the client address can be evaded because the limiter keys on an address the attacker controls. The result is unauthenticated abuse of the application's features or resources.

Reproduction

To reproduce, configure OpenClaw to treat loopback as a trusted proxy. Then send a request whose X-Forwarded-For header contains a forged loopback address (for example 127.0.0.1) as one of the hops. An affected version accepts the forged hop as the client's origin and handles the request as if it came from a loopback client: authentication checks that are skipped for local clients are not applied, and rate limits keyed on the client address no longer constrain the attacker. Compare the response with the same request sent without the header to confirm the difference.
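The mechanism, as an added example in JavaScript that is not OpenClaw's code (OpenClaw's real resolver, its configuration names and its exact vulnerable logic are not reproduced here; the trusted-proxy set, the loopback-bypass policy, the fixed-window limiter and the sample addresses are assumptions made for the demo): a resolver that takes the leftmost forwarded hop as the client, beside one that walks the chain from the trusted proxy outward and stops at the first hop no trusted proxy vouches for.

```javascript
// Added example, not OpenClaw's code. Demonstrates how a forwarded-for resolver is
// fooled by a forged loopback hop and how walking the chain from the trusted side fixes it.

// Assumption for this demo: the only trusted proxy sits on loopback.
const TRUSTED_PROXIES = new Set(["127.0.0.1", "::1", "::ffff:127.0.0.1"]);

function isLoopback(ip) {
  return ip === "::1" || ip === "::ffff:127.0.0.1" || ip.startsWith("127.");
}

// Simplified IP literal check (strict IPv4, loose IPv6), sufficient for the demo.
function isIpLiteral(s) {
  const v4 = s.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4) return v4.slice(1).every((o) => Number(o) <= 255);
  return s.includes(":") && /^[0-9a-fA-F:.]+$/.test(s);
}

// Split "a, b, c" into address literals, dropping anything that is not one.
function parseForwardedFor(header) {
  if (!header) return [];
  return header.split(",").map((s) => s.trim()).filter(isIpLiteral);
}

// Vulnerable pattern (illustrative, not a transcript of OpenClaw's code): the leftmost
// hop is taken as the client. That entry is whatever the remote peer wrote, so a forged
// "127.0.0.1" becomes the client address.
function clientIpVulnerable(xff, socketAddr) {
  const hops = parseForwardedFor(xff);
  return hops.length > 0 ? hops[0] : socketAddr;
}

// Hardened: consult the header only when the direct peer is a trusted proxy, then walk
// the chain right-to-left (nearest hop first), discarding trusted proxies, and stop at
// the first hop that is not one. That hop was appended by a trusted proxy, so the remote
// client cannot forge it; everything to its left is untrusted and ignored.
function clientIpHardened(xff, socketAddr, trusted = TRUSTED_PROXIES) {
  if (!trusted.has(socketAddr)) return socketAddr;
  const hops = parseForwardedFor(xff);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trusted.has(hops[i])) return hops[i];
  }
  return socketAddr; // no untrusted hop: the proxy itself, or a local client, originated it
}

// Policy assumed for the demo: loopback clients skip authentication, everyone else must authenticate.
function authDecision(clientIp) {
  return isLoopback(clientIp) ? "bypass" : "require-auth";
}

// Fixed-window rate limiter keyed on the resolved client address.
class FixedWindowLimiter {
  constructor(limit) { this.limit = limit; this.counts = new Map(); }
  allow(key) {
    const n = (this.counts.get(key) || 0) + 1;
    this.counts.set(key, n);
    return n <= this.limit;
  }
}

// Constructed traffic: one remote client at 203.0.113.5 behind the loopback proxy, forging
// a different leftmost hop on every request; the proxy appends the real peer address.
// Returns how many of the requests the limiter let through.
function simulateFlood(resolver, limit, requests) {
  const limiter = new FixedWindowLimiter(limit);
  let allowed = 0;
  for (let i = 0; i < requests; i++) {
    const xff = `10.0.0.${(i % 250) + 1}, 203.0.113.5`;
    if (limiter.allow(resolver(xff, "127.0.0.1"))) allowed++;
  }
  return allowed;
}

// Worked scenario: the attacker wrote "127.0.0.1", the trusted proxy appended the real peer,
// and the socket peer seen by the application is the proxy on 127.0.0.1.
const FORGED = "127.0.0.1, 203.0.113.5";
const demo = {
  vulnerable: authDecision(clientIpVulnerable(FORGED, "127.0.0.1")), // "bypass"
  hardened: authDecision(clientIpHardened(FORGED, "127.0.0.1")),     // "require-auth"
  floodVulnerable: simulateFlood(clientIpVulnerable, 5, 50),          // 50: every request gets a fresh key
  floodHardened: simulateFlood(clientIpHardened, 5, 50),              // 5: all requests share one key
};
console.log(demo);
```

The probe against a deployed instance has the same shape as the scenario above: one request through the proxy carrying `X-Forwarded-For: 127.0.0.1`, compared against the identical request without the header. A deployment caveat: the hardened resolver is only as good as its trusted-proxy list. A trusted proxy that does not append its peer address, or a trusted set wider than the proxies that actually exist, collapses the client back to the proxy's own address, which in the loopback case is exactly the identity being protected.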

Remediation

Update to OpenClaw version 2026.3.22 or later, which contains the fix. Deployments that cannot update immediately should review their trusted-proxy configuration: if nothing on loopback actually forwards traffic for external clients, loopback should not be listed as a trusted proxy.

Added: Apr 10, 2026, 6:21 PM
Updated: Apr 10, 2026, 6:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.6
exploitability: 7.7
remediation: 0.0
relevance: 5.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.