Summary
In affected versions of openclaw, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session.
Affected Packages and Versions
- Package:
openclaw(npm) - Affected versions:
< 2026.3.11 - Fixed in:
2026.3.11
Technical Details
The WebSocket handshake logic treated proxy-delivered requests as exempt from the generic browser origin check whenever an Origin header was present alongside proxy headers. In trusted-proxy mode, that exemption allowed browser-originated connections to skip the normal origin-validation path even though they were still browser requests.
Because trusted-proxy authentication can produce a shared authenticated operator context, the affected path could retain requested operator scopes after the handshake. That made the browser origin check the missing boundary between an untrusted origin and an authenticated operator-class session.
Workarounds
Upgrade to 2026.3.11 or later.
If you cannot upgrade immediately, avoid exposing browser-reachable Gateway WebSocket endpoints in trusted-proxy mode to untrusted origins, and ensure reverse-proxy/browser reachability is restricted to trusted origins only.
Impact
This issue affects deployments that expose the Gateway behind a trusted reverse proxy and rely on browser origin checks such as controlUi.allowedOrigins to restrict browser access. An attacker who can cause a victim browser to load a malicious page that can reach the proxy endpoint could establish a cross-site WebSocket connection and call privileged Gateway methods.
In verified impact, the attacker-origin page was able to request operator.admin and successfully call config.get, exposing sensitive configuration. Depending on the deployment, the same authenticated operator path could also permit other privileged reads or mutations available to operator-class callers.
CVE-2026-32302 has a CVSS score of 8.1 (High). The vector is network-reachable, no privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (2026.3.11); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
OpenClaw now enforces browser origin validation for any browser-originated WebSocket connection regardless of whether proxy headers are present. The fix shipped in [email protected].
Fixed commit: ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b
Release tag: v2026.3.11
Frequently Asked Questions
- What is CVE-2026-32302? CVE-2026-32302 is a high-severity security vulnerability in openclaw (npm), affecting versions < 2026.3.11. It is fixed in 2026.3.11.
- How severe is CVE-2026-32302? CVE-2026-32302 has a CVSS score of 8.1 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of openclaw are affected by CVE-2026-32302? openclaw (npm) versions < 2026.3.11 is affected.
- Is there a fix for CVE-2026-32302? Yes. CVE-2026-32302 is fixed in 2026.3.11. Upgrade to this version or later.
- Is CVE-2026-32302 exploitable, and should I be worried? Whether CVE-2026-32302 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2026-32302 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-32302? Upgrade
openclawto 2026.3.11 or later.