CVE-2026-22174 in OpenClaw
Summary
by MITRE • 03/18/2026
OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the /json/version endpoint and reuse the leaked token as Gateway bearer authentication.
Analysis
by VulDB Data Team • 03/25/2026
The vulnerability identified as CVE-2026-22174 affects OpenClaw versions before 2026.2.22 and is a credential-exposure flaw in the Chrome DevTools Protocol (CDP) integration that results in an authentication bypass against the Gateway. The problem is not that an attacker injects a header: OpenClaw itself attaches the x-OpenClaw-relay-token header, which carries the Gateway authentication token, to the CDP reachability probes it sends over the loopback interface. Any local process that owns the port the probe is sent to therefore receives a credential that should never leave OpenClaw's internal relay path.
The root cause is implicit trust in loopback. A request to 127.0.0.1 is treated as if only the intended Chrome instance could answer it, when in fact any local process, regardless of its privileges, can bind a loopback port and respond there. When OpenClaw sends a reachability probe to /json/version, an unauthenticated CDP endpoint that needs no credential at all, it still includes the token in the request headers. A malicious local listener only has to log the headers of that request and replay the value as Gateway bearer authentication; no protocol weakness in CDP or in the Gateway is needed.
Operationally, any attacker who can run code locally and control the loopback port that OpenClaw probes obtains a valid Gateway credential without ever attacking the Gateway itself. CDP is a debugging and automation channel that never needed the token; the probe only checks whether a DevTools endpoint responds. Because the leaked value is accepted as a bearer token, the attacker inherits whatever access the Gateway grants that token, potentially including administrative functions and the data the Gateway fronts. This breaks least privilege in a direct way: a low-privilege local process ends up holding the Gateway's authentication secret.
The vulnerability is classified under CWE-284 (Improper Access Control), although in character it is a credential exposure: the access-control failure is a consequence of the token reaching a party that should never have seen it. In ATT&CK terms the capture step corresponds to T1557 (Adversary-in-the-Middle), with the attacker positioned as the loopback endpoint, and the reuse step to T1528 (Steal Application Access Token) followed by T1550.001 (Use Alternate Authentication Material: Application Access Token). No social engineering is involved; the initial foothold is local code execution, and the chain is local port control, header capture, then credential replay against the Gateway. This makes the flaw most dangerous on shared or multi-tenant hosts where untrusted code can already run.
The fix is to update OpenClaw to version 2026.2.22 or later, which no longer attaches the relay token to CDP probe traffic. Because the token may already have been captured on any host where an untrusted process could have bound a loopback port, the Gateway token should be rotated after the upgrade rather than carried over. Until the upgrade is applied, the only real compensating control is to limit who can run code on the host, since loopback traffic cannot be segmented or firewalled away from local processes. For detection, audit which processes listen on the loopback ports OpenClaw probes (the Chrome CDP port in particular) and alert on Gateway bearer authentication from unexpected client processes or at unexpected times. The underlying design lesson is that a reachability probe to an unauthenticated endpoint should carry no credentials, and that any credential sent over loopback must be bound to the specific trusted destination rather than to the address family.
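The following is an added example, not OpenClaw's own code, that demonstrates the leak mechanism described in the analysis above and the shape of the fix discussed in the mitigation paragraph. It runs a loopback listener that impersonates a DevTools endpoint and records request headers, a probe that behaves the way the advisory describes pre-2026.2.22 versions (token attached to the /json/version request), and a hardened probe that sends no credential because /json/version is unauthenticated. The header name comes from the advisory; the token value, the port, and every function and class name are constructed assumptions, and the hardened variant illustrates the principle rather than the vendor's actual patch.

```python
"""Added illustration of CVE-2026-22174's mechanism (not OpenClaw code).

A local process that owns a loopback port can read whatever headers a
CDP reachability probe carries.  The header name is from the advisory;
the token value and all names below are constructed for this example.
"""
import http.client
import http.server
import socketserver
import threading

RELAY_TOKEN_HEADER = "x-OpenClaw-relay-token"  # header named in the advisory
GATEWAY_TOKEN = "gw-secret-token-EXAMPLE"      # constructed sample secret


class CaptureHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in for an attacker-controlled loopback listener.  It answers
    /json/version the way a DevTools endpoint would, so the probe reports
    success, and records every request header it receives."""

    captured = []  # list of (path, {header: value}) shared across requests

    def do_GET(self):
        type(self).captured.append((self.path, dict(self.headers)))
        body = b'{"Browser": "fake-chrome"}'
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_capture_listener():
    """Bind an ephemeral 127.0.0.1 port; returns (server, port)."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), CaptureHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def _probe(port, headers):
    """Send GET /json/version to a loopback port and return the status."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=2)
    try:
        conn.request("GET", "/json/version", headers=headers)
        return conn.getresponse().status
    finally:
        conn.close()


def probe_vulnerable(port, token):
    """Pre-fix behaviour as the advisory describes it: the relay token rides
    along on the reachability probe, so whoever owns the port gets it."""
    return _probe(port, {RELAY_TOKEN_HEADER: token})


def probe_hardened(port):
    """Assumed hardened behaviour: /json/version is unauthenticated, so the
    probe carries no credential at all.  Illustrative, not the vendor patch."""
    return _probe(port, {})


def leaked_tokens(captured):
    """Relay tokens the listener's owner now holds.  Header names are
    compared case-insensitively because HTTP treats them that way."""
    wanted = RELAY_TOKEN_HEADER.lower()
    return [value for _path, headers in captured
            for name, value in headers.items() if name.lower() == wanted]


def demo():
    """Run both probes against the capture listener.
    Returns (tokens leaked by vulnerable probe, tokens leaked by hardened probe)."""
    srv, port = start_capture_listener()
    try:
        CaptureHandler.captured.clear()
        probe_vulnerable(port, GATEWAY_TOKEN)
        leaked_before = leaked_tokens(CaptureHandler.captured)

        CaptureHandler.captured.clear()
        probe_hardened(port)
        leaked_after = leaked_tokens(CaptureHandler.captured)
    finally:
        srv.shutdown()
        srv.server_close()
    return leaked_before, leaked_after


if __name__ == "__main__":
    before, after = demo()
    print("vulnerable probe leaked:", before)   # ['gw-secret-token-EXAMPLE']
    print("hardened probe leaked:  ", after)    # []
```

The listener does nothing clever: it is an ordinary HTTP server on 127.0.0.1 that any unprivileged user could start, which is the whole point of the advisory. The hardened probe still succeeds against the fake endpoint, showing that the credential was never needed for the reachability check; a credential that must be sent over loopback should be attached only when talking to the specific trusted peer, not to whatever answers on the address.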