What is CVE-2026-32045?

CVE-2026-32045 is a medium-severity vulnerability in Openclaw, classified under Authentication Bypass by Spoofing. CVSS score: 5.9/10. Published 2026-03-21.

How severe is CVE-2026-32045?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Openclaw

CVE-2026-32045

OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale header authentication to HTTP gateway routes, allowing bypass of token and password requirements. Attackers on trusted networks can exploit this misconfiguration to…

EPSS: 0.001 (26.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Openclaw — versions 0, 2026.2.21

Weakness classification (CWE)

CWE-290 — Authentication Bypass by Spoofing

References

GitHub Security Advisory (GHSA-hff7-ccv5-52f8) (third-party-advisory)
Patch Commit (patch)
VulnCheck Advisory: OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth (third-party-advisory)

Frequently asked questions

What is CVE-2026-32045?: CVE-2026-32045 is a medium-severity vulnerability in Openclaw, classified under Authentication Bypass by Spoofing. CVSS score: 5.9/10. Published 2026-03-21.
How severe is CVE-2026-32045?: Medium severity. CVSS v3 base score is 5.9 out of 10.