OpenClaw Canvas Authentication Bypass Vulnerability
Summary
| CVE | CVE-2026-3690 |
|---|---|
| State | PUBLISHED |
| Assigner | zdi |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-11 01:16:15 UTC |
| Updated | 2026-04-11 01:16:15 UTC |
| Description | OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the authentication function for canvas endpoints. The issue results from improper implementation of authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-29311. |
Risk And Classification
Primary CVSS: v3.0 7.4 HIGH from [email protected]
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Problem Types: CWE-291: Reliance on IP Address for Authentication
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Secondary | 7.4 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.0 | CNA | CVSS | 7.4 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
CVSS v3.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | None |
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.zerodayinitiative.com/advisories/ZDI-26-228 | [email protected] | www.zerodayinitiative.com | |
| github.com/openclaw/openclaw/security/advisories/GHSA-vvjh-f6p9-5vcf | [email protected] | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.