GHSA-vvjh-f6p9-5vcf: OpenClaw Canvas Authentication Bypass Vulnerability

March 4, 2026

ZDI-CAN-29311: OpenClaw Canvas Authentication Bypass Vulnerability

– ABSTRACT ————————————-

Trend Micro’s Zero Day Initiative has identified a vulnerability affecting the following products: OpenClaw - OpenClaw

– VULNERABILITY DETAILS ————————

Version tested: openclaw 2026.2.17
Platform tested: macOS 26.3

References

github.com/advisories/GHSA-vvjh-f6p9-5vcf
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/c45f3c5b004c8d63dc0e282e2176f8c9355d24f1
github.com/openclaw/openclaw/security/advisories/GHSA-vvjh-f6p9-5vcf

Code Behaviors & Features

Detect and mitigate GHSA-vvjh-f6p9-5vcf with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →