CVE-2026-28472: CVE-2026-28472: Device Identity Verification Bypass in OpenClaw Gateway WebSocket Handshake
CVSS Score: 8.1 Published: 2026-03-05 Full Report: https://cvereports.com/reports/CVE-2026-28472
CVE-2026-28472 is a critical security vulnerability in the OpenClaw automation platform affecting all versions prior to 2026.2.2. The vulnerability resides in the gateway's WebSocket connection handshake logic, where a flaw in authentication sequence allows unauthenticated attackers to bypass device identity verification. In environments utilizing secondary authentication providers, this can result in unauthorized operator access to the gateway.
A logic flaw in OpenClaw < 2026.2.2 allows attackers to bypass device identity checks during the WebSocket handshake by providing an unvalidated dummy token, potentially leading to unauthorized operator access.
- CWE ID: CWE-306
- Attack Vector: Network
- CVSS v3.1: 8.1 (High)
- EPSS Score: 0.00041 (12.29%)
- Impact: Unauthorized Operator Access
- Exploit Status: Proof of Concept
- CISA KEV: Not Listed
- OpenClaw Gateway server component
- OpenClaw WebSocket connection handler
- OpenClaw: < 2026.2.2 (Fixed in:
2026.2.2)
- Upgrade OpenClaw to version 2026.2.2 or higher.
- Ensure the dangerouslyDisableDeviceAuth setting is set to false in the gateway configuration.
- Restrict network access to the OpenClaw gateway WebSocket port using firewalls or VPNs.
- Audit logs for unauthorized connection attempts mentioning device identity failures.
Remediation Steps:
- Verify the current running version of OpenClaw.
- Download the 2026.2.2 release from the official repository.
- Deploy the update to the gateway server.
- Restart the OpenClaw gateway service.
- Verify that WebSocket connections without valid tokens are correctly rejected before device identity checks are skipped.
Generated by CVEReports - Automated Vulnerability Intelligence