DEV Community

GHSA-R65X-2HQR-J5HF: OpenClaw: Node Reconnect Metadata Spoofing Policy Bypass

A critical vulnerability in the OpenClaw Gateway's authentication process allows node impersonation. An authenticated node can manipulate its platform and device family metadata during reconnection. By spoofing this data, the node can bypass command execution policies meant to restrict access based on device type. This can lead to privilege escalation, giving restricted clients more authority. The vulnerability exists in all OpenClaw versions before 2026.2.26. The root cause is that device metadata is not securely bound to the authentication process. The fix binds platform metadata with cryptographic signatures and pins the device family. A proof-of-concept (PoC) exploit is available, which increases the risk.

Remediation involves upgrading to version 2026.2.26 or later and reviewing paired devices for inconsistencies. Further steps include revoking and re-pairing suspect devices and monitoring for security events. The vulnerability has a CVSS score of 8.5, indicating a high-severity security risk.
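The root cause and fix described above, sketched as an added example (not OpenClaw's code): a gateway check that takes reconnect metadata as claimed, beside one that covers the metadata with the proof and compares it to the values pinned at pairing. The message fields, the `PAIRED` store and all function names are assumptions, HMAC-SHA256 stands in for the signature scheme, and nonce replay tracking is left out.

```python
import hashlib
import hmac
import json

# Constructed pairing record: per-device key and the metadata pinned at pairing.
PAIRED = {"node-7": {"key": b"constructed-demo-key",
                     "platform": "ios", "device_family": "phone"}}

def _mac(key, fields):
    """MAC over a canonical JSON encoding of the given fields."""
    data = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def sign_identity_only(key, msg):
    return _mac(key, {k: msg[k] for k in ("device_id", "nonce")})

def sign_bound(key, msg):
    return _mac(key, {k: msg[k] for k in ("device_id", "nonce", "platform", "device_family")})

def accept_unbound(msg):
    """Weak pattern: proof covers identity only; metadata is taken as claimed."""
    rec = PAIRED.get(msg["device_id"])
    if rec is None or not hmac.compare_digest(msg["proof"], sign_identity_only(rec["key"], msg)):
        return None
    return {"platform": msg["platform"], "device_family": msg["device_family"]}

def accept_bound(msg):
    """Hardened pattern: metadata is inside the proof and must match the pin."""
    rec = PAIRED.get(msg["device_id"])
    if rec is None or not hmac.compare_digest(msg["proof"], sign_bound(rec["key"], msg)):
        return None
    if (msg["platform"], msg["device_family"]) != (rec["platform"], rec["device_family"]):
        return None  # validly signed but differs from the pinned values: reject and log
    return {"platform": rec["platform"], "device_family": rec["device_family"]}

def demo():
    key = PAIRED["node-7"]["key"]
    honest = {"device_id": "node-7", "nonce": "n1", "platform": "ios", "device_family": "phone"}
    changed = dict(honest, nonce="n2", platform="macos", device_family="desktop")
    results = {}
    for name, msg in (("honest", honest), ("changed", changed)):
        results[name] = (
            accept_unbound(dict(msg, proof=sign_identity_only(key, msg))),
            accept_bound(dict(msg, proof=sign_bound(key, msg))),
        )
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The second rejection path matters on its own: a paired device holds a valid key, so a correct proof over changed metadata still has to fail against the pin.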