Cyber Resilience

CVE-2026-28472

Critical · Public PoC

Published: 05 March 2026

Modified: 09 March 2026
CVSS Score (v4): 9.2 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0036 (27.4th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-28472 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Openclaw Openclaw. Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 27.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2026-28472 is a vulnerability in OpenClaw versions prior to 2026.2.2, affecting the gateway WebSocket connect handshake. The flaw allows device identity checks to be skipped when an auth.token is present but not properly validated: the implementation relies on a presence check rather than full validation of the token. This issue is classified under CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remote attackers with no privileges can exploit this vulnerability over the network by supplying an unvalidated auth.token during the WebSocket handshake, bypassing requirements for device identity or pairing. Successful exploitation enables unauthorized connection to the gateway, potentially granting operator access in vulnerable deployments. The high attack complexity stems from the need to craft a valid-looking but unverified token.

Advisories and the associated GitHub commit (fe81b1d7125a014b8280da461f34efbf5f761575) indicate that mitigation involves updating to OpenClaw version 2026.2.2 or later, where proper token validation and device identity checks are enforced in the gateway WebSocket handshake. Additional details are available in the GitHub security advisory (GHSA-rv39-79c4-7459) and Vulncheck advisory.

Vulnerability details

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake that allows device identity checks to be skipped when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting the presence check instead of validation, potentially gaining operator access in vulnerable deployments.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes a remote authentication bypass (CWE-306) in an exposed WebSocket gateway handshake, directly enabling initial access by exploiting a public-facing application without valid credentials or device pairing.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-28450 (same product: Openclaw Openclaw)
CVE-2026-26319 (same product: Openclaw Openclaw)
CVE-2026-32041 (same product: Openclaw Openclaw)
CVE-2026-32924 (same product: Openclaw Openclaw)
CVE-2026-43573 (same product: Openclaw Openclaw)
CVE-2026-35622 (same product: Openclaw Openclaw)
CVE-2026-28469 (same product: Openclaw Openclaw)
CVE-2026-22171 (same product: Openclaw Openclaw)
CVE-2026-41395 (same product: Openclaw Openclaw)
CVE-2026-32975 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw · Product: openclaw · Versions: ≤ 2026.2.2

Mitigating Controls (NIST 800-53 r5) AI

prevent · IA-3 (Device Identification and Authentication): Requires device identification and authentication before establishing connections, directly preventing bypass of device identity checks in the WebSocket handshake via unvalidated auth.tokens.

prevent · AC-3 (Access Enforcement): Enforces approved authorizations for access to system resources, mitigating unauthorized gateway connections resulting from skipped identity validation.

prevent: Mandates management and validation of authenticators such as auth.tokens, addressing the flaw where presence checks substitute for proper token validation.
