LeakyCreds

CVE-2026-28472 - Vulnerability Analysis

Severity: High | CVSS: 8.1

Last Updated: March 6, 2026

OpenClaw - Authentication Bypass

Published: March 5, 2026 | Updated: March 6, 2026 | Remote Exploitable

Overview

OpenClaw versions before 2026.2.2 contain an authentication bypass in the gateway WebSocket connect handshake: when an auth.token is present, the handshake skips the device identity checks without validating that token, letting attackers gain operator access without device identity or pairing.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 3.9% (probability of exploitation in the next 30 days)

Impact

Attackers can gain operator access without device identity or pairing, potentially controlling the gateway.

Mitigation

Update to version 2026.2.2 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 6, 2026

🔓 CVE-2026-28472 - Critical (9.8) OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. Attackers can connect to the gateway without pr... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28472/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-28472
Severity: High
CVSS Score: 8.1
Type: broken_authentication
Status: new
EPSS: 3.9%
Social Posts: 1

CWE

  • CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

3.9% (probability of exploitation in the next 30 days)