CVE-2026-32897 in OpenClaw
Summary
by MITRE • 03/21/2026
OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to system prompts sent to third-party model providers can derive the gateway authentication token from the hash outputs, compromising gateway authentication security.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/27/2026
The vulnerability identified as CVE-2026-32897 represents a critical security flaw in OpenClaw versions prior to 2026.2.22 that stems from improper handling of authentication secrets across distinct security domains. This issue manifests when the system is configured with commands.ownerDisplay set to hash and commands.ownerDisplaySecret left unset, creating a dangerous scenario where the same authentication token serves dual purposes within the system architecture. The flaw constitutes a direct violation of security principle separation of concerns, where authentication credentials intended for one security domain are improperly repurposed for another, creating an attack surface that adversaries can exploit to compromise core authentication mechanisms.
The technical implementation of this vulnerability leverages the predictable reuse of the gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation. When system prompts are transmitted to third-party model providers, the hash outputs contain sufficient information for attackers to reverse-engineer the original authentication token through cryptographic analysis and pattern recognition techniques. This represents a fundamental breakdown in the security model where the confidentiality and integrity of authentication tokens are compromised due to their dual usage in both authentication and obfuscation contexts. The vulnerability specifically affects systems where the owner ID prompt is obfuscated using hash functions, creating a scenario where the hash secret becomes exposed through the prompt data flow.
The operational impact of this vulnerability extends beyond simple credential compromise, as it enables attackers to potentially gain unauthorized access to gateway authentication mechanisms and subsequently escalate privileges within the system. The exposure of gateway authentication tokens through prompt obfuscation creates a persistent security risk that can be exploited repeatedly across multiple interactions with third-party providers. This vulnerability directly impacts the integrity of the authentication system and undermines the trust model that relies on proper secret management and domain separation. Attackers can leverage this weakness to impersonate legitimate users, gain unauthorized access to protected resources, and potentially execute further attacks within the compromised environment.
Mitigation strategies for CVE-2026-32897 require immediate implementation of proper secret management practices and domain separation of authentication credentials. Organizations should upgrade to OpenClaw version 2026.2.22 or later where this vulnerability has been addressed through proper isolation of authentication secrets. The recommended approach involves ensuring that commands.ownerDisplaySecret is explicitly configured when commands.ownerDisplay is set to hash, preventing the automatic reuse of authentication tokens as hash secrets. Security configurations should enforce strict separation between authentication credentials used for gateway access control and those used for prompt obfuscation. Additionally, implementing monitoring for unusual prompt patterns and cryptographic anomalies can help detect potential exploitation attempts. This vulnerability aligns with CWE-312 (Sensitive Data Exposure) and represents a specific instance of improper credential handling that can be mapped to ATT&CK technique T1552.001 (Credentials in Files) and T1552.006 (Channel Binding) within the MITRE ATT&CK framework, emphasizing the need for comprehensive security hardening across authentication and obfuscation mechanisms.