GHSA-8j2w-6fmm-m587: OpenClaw: /api/channels gateway-auth boundary bypass via path canonicalization mismatch

March 12, 2026

Gateway auth for plugin channel endpoints can be bypassed when path canonicalization differs between the gateway guard and plugin handler routing.

References

github.com/advisories/GHSA-8j2w-6fmm-m587
github.com/openclaw/openclaw
github.com/openclaw/openclaw/security/advisories/GHSA-8j2w-6fmm-m587

Code Behaviors & Features

Detect and mitigate GHSA-8j2w-6fmm-m587 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →