OpenClaw CVE-2026-44118: Loopback Owner Context Spoofing Vulnerability
A high-severity vulnerability, CVE-2026-44118, has been identified in OpenClaw before version 2026.4.22. This flaw, assigned a CVSS score of 7.8 (HIGH) by the National Vulnerability Database, stems from how OpenClaw derives loopback MCP owner context. Specifically, it relies on spoofable server-issued bearer tokens found in request headers.
This design weakness allows non-owner loopback clients to manipulate sender-owner header metadata. By doing so, they can present themselves as the legitimate owner, effectively bypassing owner-gated operations. The National Vulnerability Database lists CWE-290 (Authentication Bypass by Spoofing) as the primary weakness.
The attacker's goal here is straightforward: gain unauthorized administrative control or perform privileged actions by masquerading as an authorized entity. For defenders, this means a real risk of privilege escalation and unauthorized data manipulation within affected OpenClaw environments. It is a logic flaw that attackers would look to exploit for internal lateral movement and control.
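As an added illustration (not OpenClaw's code; the class, header names and token scheme are constructed for this example), the weak pattern the advisory describes next to a hardened version that binds owner context to the verified server-issued token rather than to client-controlled sender-owner metadata:

```python
import hmac
import secrets
from typing import Dict, Optional


class LoopbackOwnerContext:
    """Hypothetical loopback service: the owner's identity gates privileged operations."""

    def __init__(self, owner_id: str) -> None:
        self.owner_id = owner_id
        # Server-issued bearer tokens mapped to the principal they were minted for.
        self._tokens: Dict[str, str] = {}

    def issue_token(self, principal: str) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[token] = principal
        return token

    def principal_from_token(self, headers: Dict[str, str]) -> Optional[str]:
        """Resolve the caller from the Authorization header; None if the token is not ours."""
        auth = headers.get("authorization", "")
        if not auth.startswith("Bearer "):
            return None
        presented = auth[len("Bearer "):].encode()
        for token, principal in self._tokens.items():
            if hmac.compare_digest(token.encode(), presented):  # constant-time compare
                return principal
        return None

    def is_owner_vulnerable(self, headers: Dict[str, str]) -> bool:
        """Weak pattern (CWE-290): owner context taken from client-supplied sender-owner metadata."""
        return headers.get("x-sender-owner") == self.owner_id  # constructed header name

    def is_owner_fixed(self, headers: Dict[str, str]) -> bool:
        """Hardened: owner context is bound to the verified server-issued token only."""
        return self.principal_from_token(headers) == self.owner_id


def owner_gated_operation(svc: LoopbackOwnerContext, headers: Dict[str, str], hardened: bool) -> str:
    """Return 'allowed' or 'denied' for an owner-only action under either check."""
    check = svc.is_owner_fixed if hardened else svc.is_owner_vulnerable
    return "allowed" if check(headers) else "denied"


def demo() -> Dict[str, str]:
    """Constructed requests: a non-owner loopback client claims to be the owner."""
    svc = LoopbackOwnerContext("owner")
    owner_token, guest_token = svc.issue_token("owner"), svc.issue_token("guest")
    spoofed = {"authorization": f"Bearer {guest_token}", "x-sender-owner": "owner"}
    legit = {"authorization": f"Bearer {owner_token}"}
    return {"spoofed_vulnerable": owner_gated_operation(svc, spoofed, hardened=False),
            "spoofed_hardened": owner_gated_operation(svc, spoofed, hardened=True),
            "legit_hardened": owner_gated_operation(svc, legit, hardened=True)}
```

The guest token is genuine, so the hardened check still recognises the caller; it simply refuses to let header metadata promote that caller to owner.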
What This Means For You
- If your organization uses OpenClaw, you must immediately verify your version. Prioritize upgrading to OpenClaw 2026.4.22 or later to mitigate CVE-2026-44118. Audit logs for any unusual activity related to loopback client operations or unauthorized access attempts using spoofed owner contexts.
Related ATT&CK Techniques
🛡️ Detection Rules
Detection rules auto-generated for this incident and mapped to MITRE ATT&CK, provided as Sigma YAML.
CVE-2026-44118: OpenClaw Loopback Owner Context Spoofing Attempt
```yaml
# Value quoted: an unquoted "CVE-...: OpenClaw ..." scalar is invalid YAML (second ': ').
title: 'CVE-2026-44118: OpenClaw Loopback Owner Context Spoofing Attempt'
id: scw-2026-05-06-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-44118 by sending requests to the OpenClaw loopback API endpoint with a spoofed 'sender-owner' header, indicated by a specific referer pattern. This bypasses owner-gated operations by impersonating an authorized owner.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-44118/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/api/v1/loopback'
    # Heuristic from the auto-generated rule; a real spoofed owner header is unlikely to
    # announce itself, so tune this selection to the actual header name once confirmed.
    referer|contains:
      - 'spoofed-owner'
    # Plain values match exactly in Sigma; there is no '|exact' modifier.
    cs-method:
      - 'POST'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-44118 | Auth Bypass | OpenClaw software |
| CVE-2026-44118 | Auth Bypass | OpenClaw versions prior to 2026.4.22 |
| CVE-2026-44118 | Auth Bypass | Manipulation of sender-owner header metadata |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.