OpenClaw Authentication Bypass Vulnerability in Canvas Endpoints

Vulnerability

An authentication bypass vulnerability has been identified in OpenClaw versions through 2026.2.17. This issue allows remote attackers to bypass authentication on canvas endpoints, including the Agent-to-User Interface (A2UI) and WebSocket channels, by exploiting an improper implementation of authentication that relies on IP address matching. In environments with shared IP addresses, such as corporate networks or containerized applications, an unauthenticated attacker can gain unauthorized access to sensitive data and functionalities.

Impact

Exploitation of this vulnerability grants unauthorized access to all canvas endpoints, including the A2UI interface, canvas content, and the WebSocket upgrade endpoint, without the need for authentication. This could lead to the disclosure of sensitive information presented by the AI agent to the user.

Reproduction

The vulnerability can be reproduced by deploying the OpenClaw gateway on a network-exposed server with token-based authentication. After a legitimate client authenticates via WebSocket, an unauthenticated client on the same network can send HTTP requests to the canvas endpoints from the same IP address, bypassing authentication and gaining full access to the canvas functionalities.
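The flaw class described above, as an added illustration that is not OpenClaw's code: a gateway that records the source IP at WebSocket authentication and then lets later canvas requests through on IP match alone, beside the corrected check that demands a credential on every request. All names, the token and the 10.0.0.5 address are constructed for the example.

```python
import hmac
from dataclasses import dataclass, field

VALID_TOKEN = "constructed-gateway-token"  # hypothetical shared secret

@dataclass
class Request:
    client_ip: str
    path: str
    headers: dict = field(default_factory=dict)

@dataclass
class GatewayState:
    # IPs that completed a WebSocket handshake with a valid token
    authenticated_ips: set = field(default_factory=set)

def websocket_auth(state: GatewayState, req: Request) -> bool:
    """Token check at WebSocket upgrade; the weak design also records the IP."""
    token = req.headers.get("Authorization", "")
    ok = hmac.compare_digest(token, f"Bearer {VALID_TOKEN}")
    if ok:
        state.authenticated_ips.add(req.client_ip)
    return ok

def canvas_allowed_weak(state: GatewayState, req: Request) -> bool:
    """Flawed: trusts any request from an IP that authenticated earlier.
    Behind NAT or on a shared container network the address identifies a
    group of hosts, not one client, so a neighbour inherits the session."""
    return req.client_ip in state.authenticated_ips

def canvas_allowed_fixed(state: GatewayState, req: Request) -> bool:
    """Hardened: every canvas request presents its own credential; the
    source address plays no part in the decision."""
    token = req.headers.get("Authorization", "")
    return hmac.compare_digest(token, f"Bearer {VALID_TOKEN}")

def demo() -> dict:
    """Two clients behind one constructed NAT address; only one has a token."""
    state = GatewayState()
    shared_ip = "10.0.0.5"
    legit = Request(shared_ip, "/ws", {"Authorization": f"Bearer {VALID_TOKEN}"})
    stranger = Request(shared_ip, "/canvas/a2ui")  # no credential at all
    assert websocket_auth(state, legit)
    return {
        "weak_admits_stranger": canvas_allowed_weak(state, stranger),
        "fixed_admits_stranger": canvas_allowed_fixed(state, stranger),
    }
```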

Remediation

Users are advised to update to OpenClaw version 2026.2.19 or later.

Added: Apr 11, 2026, 1:27 AM
Updated: Apr 11, 2026, 1:27 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.8
remediation: 0.0
relevance: 5.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.