OpenClaw Authentication Bypass Vulnerability in Raw Card Send Surface
Vulnerability
An authentication bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.25. This vulnerability resides in the raw card send surface, allowing unpaired recipients to mint legacy callback payloads. Attackers can exploit this by sending raw card commands that bypass direct message pairing restrictions, enabling access to callback handling without proper authorization.
Impact
Exploitation of this vulnerability allows for authentication bypass, enabling unpaired recipients to access callback functionalities that should be restricted.
Reproduction
To reproduce this vulnerability, send a raw card command payload that includes legacy card actions, such as buttons or text commands, to an unpaired recipient. The absence of pairing will allow the payload to bypass authentication checks and reach the callback handling stage, where the legacy actions can be processed without authorization.
Remediation
Update to OpenClaw version 2026.3.25 or later, which addresses this vulnerability.
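The following is an added illustration, not OpenClaw's code: a hypothetical model of the raw card send path that contrasts the pre-fix behaviour the advisory describes (legacy card actions from an unpaired sender reach callback handling) with a hardened dispatcher that enforces the pairing check before any legacy callback is processed. All names, data shapes and the pairing store are assumptions.

```python
# Hypothetical model of the raw card send surface described in the advisory.
# Not OpenClaw's code; identifiers and data shapes are assumptions.
from dataclasses import dataclass, field

# Legacy card action types that carry a callback (buttons, text commands).
LEGACY_ACTIONS = {"button", "text_command"}


@dataclass
class RawCard:
    sender: str
    recipient: str
    actions: list  # e.g. [{"type": "button", "callback": "approve"}]


@dataclass
class PairingStore:
    # Set of frozenset({a, b}) pairs representing completed DM pairings.
    pairs: set = field(default_factory=set)

    def is_paired(self, a: str, b: str) -> bool:
        return frozenset((a, b)) in self.pairs


def dispatch_vulnerable(card: RawCard, store: PairingStore, handled: list) -> str:
    # Pre-fix behaviour as the advisory describes it: every legacy action is
    # handed to callback handling without consulting the pairing store.
    for action in card.actions:
        if action["type"] in LEGACY_ACTIONS:
            handled.append((card.sender, action["callback"]))
    return "delivered"


def dispatch_hardened(card: RawCard, store: PairingStore,
                      handled: list, audit: list) -> str:
    # Enforce the DM pairing restriction before any legacy callback is minted,
    # and record the rejection so unpaired attempts are visible in logs.
    legacy = [a for a in card.actions if a["type"] in LEGACY_ACTIONS]
    if legacy and not store.is_paired(card.sender, card.recipient):
        audit.append(f"rejected raw card with legacy actions from unpaired "
                     f"sender {card.sender} to {card.recipient}")
        return "rejected"
    for action in legacy:
        handled.append((card.sender, action["callback"]))
    return "delivered"
```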
