Vulnerability Information
Vulnerability Title
OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode
Vulnerability Description
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session. This vulnerability is fixed in 2026.3.11.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
Origin Validation Error
Vulnerability Title
OpenClaw access control error vulnerability
Vulnerability Description
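OpenClaw is an intelligent personal assistant open-sourced by OpenClaw. Versions of OpenClaw prior to 2026.3.11 contain an access control error vulnerability. The vulnerability stems from browser-initiated WebSocket connections being able to bypass origin validation under a specific configuration, which may allow a page from an untrusted origin to establish a privileged operator session.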
CVSS Information
N/A
Vulnerability Type
N/A