CVE-2026-3690
🟡 Monitoruj
Obejście uwierzytelnienia w OpenClaw umożliwia zdalnym atakującym dostęp bez hasła.
CVSS
7.4
EPSS
0.2%
Exploit
poc
Vendor
openclaw
Opis źródłowy (NVD)
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311.
auth-bypass exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.4 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.2% |
| Opublikowano (NVD) | 2026-04-11 01:16:15 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-27 17:09:55 UTC |
Referencje
- https://github.com/openclaw/openclaw/security/advisories/GHSA-vvjh-f6p9-5vcf (zdi-disclosures@trendmicro.com) [Third Party Advisory, Exploit]
- https://www.zerodayinitiative.com/advisories/ZDI-26-228/ (zdi-disclosures@trendmicro.com) [Third Party Advisory, Exploit]