CVE-2026-35634

Description

## Summary Before `v2026.3.23`, Canvas and A2UI loopback requests could bypass Canvas bearer-or-capability authentication because `authorizeCanvasRequest(...)` treated `isLocalDirectRequest(...)` as an unconditional allow path. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected: `< 2026.3.23` - Fixed: `>= 2026.3.23` - Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`) - Latest published npm version checked: `2026.3.23-2` ## Root Cause The vulnerable logic lived in `src/gateway/server/http-auth.ts`. `authorizeCanvasRequest(...)` returned `{ ok: true }` for local-direct requests before checking bearer authentication or an active node canvas capability, which meant unauthenticated loopback Canvas HTTP and WebSocket requests could succeed. ## Fix Commit(s) - `d5dc6b6573ae489bc7e5651090f4767b93537c9e` — `fix(gateway): require auth for canvas routes` ## Release Status The fix commit is contained in released tags `v2026.3.23` and `v2026.3.23-2`. The latest shipped tag and npm release both include the fix. ## Code-Level Confirmation - `src/gateway/server/http-auth.ts` no longer contains the local-direct early return in `authorizeCanvasRequest(...)`. - `src/gateway/server.canvas-auth.test.ts` adds the regression test `denies canvas HTTP/WS on loopback without bearer or capability by default`. Thanks @smaeljaish771 for reporting.

How to fix CVE-2026-35634

To remediate CVE-2026-35634, upgrade the affected package to a fixed version below.

• —upgrade to 2026.3.23 or later

Is CVE-2026-35634 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2026.3.23

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-35634
• PATCHgithub.com/openclaw/openclaw
• WEBgithub.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87
• WEBgithub.com/openclaw/openclaw/commit/d5dc6b6573ae489bc7e5651090f4767b93537c9e