OpenClaw Authentication Bypass Vulnerability in Control UI Bootstrap Config Endpoint
Vulnerability
An authentication bypass vulnerability has been identified in OpenClaw versions prior to 2026.4.22. This vulnerability exists in the Control UI bootstrap config endpoint, allowing unauthenticated attackers to access sensitive configuration fields. The bootstrap config route can be accessed without a valid Gateway token, exposing confidential bootstrap and configuration information that is meant for authenticated Control UI sessions.
Impact
Exploitation of this vulnerability allows for unauthorized access to sensitive configuration information, which could be misused to manipulate or disrupt the application's functionality.
Reproduction
To reproduce this vulnerability, send a GET request to the Control UI bootstrap config endpoint without a Gateway token, either by requesting the endpoint directly or with any HTTP client that lets you omit authentication headers. The response will include sensitive configuration information that should only be available to authenticated users.
Remediation
Users can update to OpenClaw version 2026.4.22 or later, where this vulnerability has been fixed.
