Cyber Resilience

CVE-2026-32045

HighPublic PoC

Published: 21 March 2026

Published
21 March 2026
Modified
24 March 2026
KEV Added
Patch
CVSS Score v4 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0040 31.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-32045 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32045 is an authentication bypass vulnerability affecting OpenClaw versions prior to 2026.2.21. The issue stems from the incorrect application of tokenless Tailscale header authentication to HTTP gateway routes, which allows attackers to bypass required token and password authentication. This misconfiguration, linked to CWE-290 (Authentication Bypass by Spoofing), has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) and was published on 2026-03-21.

Attackers positioned on trusted networks can exploit this vulnerability over the network with no privileges or user interaction required, though it demands high attack complexity. Successful exploitation grants unauthorized access to HTTP gateway routes, resulting in high confidentiality impact by exposing sensitive data without integrity or availability disruption.

Advisories and the associated patch recommend updating to OpenClaw version 2026.2.21 or later to mitigate the issue. The fixing commit (356d61aacfa5b0f1d5830716ec59d70682a3e7b8) addresses the improper Tailscale header handling, while GitHub Security Advisory GHSA-hff7-ccv5-52f8 and VulnCheck's analysis provide further details on the flaw and remediation steps.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to access HTTP gateway routes without proper authentication credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Authentication bypass via spoofed Tailscale headers on HTTP gateway routes directly enables remote exploitation of a public-facing application for unauthorized data access (CWE-290).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35622Same product: Openclaw Openclaw
CVE-2026-28465Same product: Openclaw Openclaw
CVE-2026-32924Same product: Openclaw Openclaw
CVE-2026-43573Same product: Openclaw Openclaw
CVE-2026-28469Same product: Openclaw Openclaw
CVE-2026-22171Same product: Openclaw Openclaw
CVE-2026-32014Same product: Openclaw Openclaw
CVE-2026-28472Same product: Openclaw Openclaw
CVE-2026-41395Same product: Openclaw Openclaw
CVE-2026-32975Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.2.21

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of flaws like the authentication bypass in OpenClaw via patching to version 2026.2.21 or later.

prevent

Enforces approved access control policies to block unauthorized access to HTTP gateway routes despite Tailscale header authentication bypass.

prevent

Mandates secure configuration settings and monitoring for authentication mechanisms, mitigating misapplication of tokenless Tailscale header authentication.

References