CVE-2026-8305
OpenClaw · OpenClaw
A vulnerability in OpenClaw allows unauthenticated attackers to bypass authentication mechanisms and potentially trigger Server-Side Request Forgery (SSRF).
Executive summary
An authentication bypass vulnerability in OpenClaw versions 2026.1.0 through 2026.1.7 permits unauthorized access, posing a severe risk to system security.
Vulnerability
The flaw is categorized as improper authentication, which can be leveraged by unauthenticated remote attackers to bypass security controls.
Business impact
Successful exploitation allows unauthorized access to the application, which may lead to data exfiltration or internal network compromise. The CVSS score of 7.3 reflects the significant danger posed by the lack of authentication requirements for remote attackers.
Remediation
Immediate Action: Update OpenClaw to version 2026.2.12 or higher immediately to resolve the authentication vulnerability.
Proactive Monitoring: Monitor for unusual outbound requests from the application server, which may indicate exploitation of associated SSRF conditions.
Compensating Controls: Deploy WAF rules to filter suspicious, unauthenticated requests targeting the authentication endpoints of the OpenClaw service.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Immediate patching is required for all instances of OpenClaw within the identified version range. Administrators should upgrade to version 2026.2.12 to ensure the vulnerability is fully remediated.