Nixpkgs security tracker

Untriaged

Permalink CVE-2026-35634

5.1 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 3 weeks, 1 day ago Activity log

Created suggestion 3 weeks, 1 day ago

OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway

OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket requests to Canvas routes to bypass authentication and gain unauthorized access.

References

GitHub Security Advisory (GHSA-6mqc-jqh6-x8fc) third-party-advisory
Patch Commit #1 patch
Patch Commit #2 patch
VulnCheck Advisory: OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway third-party-advisory

Affected products

OpenClaw

<2026.3.23
==2026.3.23

Matching in nixpkgs

pkgs.openclaw

Self-hosted, open-source AI assistant/agent

nixos-unstable 2026.4.2
- nixpkgs-unstable 2026.4.2
- nixos-unstable-small 2026.4.2

Package maintainers

@mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>
@chrisportela Chris Portela <chris@chrisportela.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.openclaw

Package maintainers