Description

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.

INFO

Published Date :

2026-03-12T21:22:29.099Z

Last Modified :

2026-03-12T21:22:29.099Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32302 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32302.

URL Resource
https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b cve-icon
https://github.com/openclaw/openclaw/releases/tag/v2026.3.11 cve-icon
https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact