GHSA-hff7-ccv5-52f8

Summary

When tokenless Tailscale auth is enabled, OpenClaw should only allow forwarded-header auth for Control UI websocket authentication on trusted hosts. In affected versions, that tokenless path could also be used by HTTP gateway auth call sites, which could bypass token/password requirements for HTTP routes in trusted-network deployments.

Affected Packages / Versions

• Package: openclaw (npm)
• Affected range: <= 2026.2.19-2 (latest published npm version as of February 21, 2026)
• Patched in: planned 2026.2.21 release

Impact

Deployments relying on token/password for HTTP gateway routes could be downgraded to tokenless behavior when Tailscale header auth is enabled. This weakens expected HTTP route authentication boundaries even in trusted-host network setups.

Per SECURITY.md, this does not affect the recommended setup: keep the Gateway loopback-only (or otherwise within a trusted host/network boundary), use Tailscale serve/funnel for remote access, and keep tokenless Tailscale auth scoped to Control UI websocket login.

Fix

• Added an explicit auth-surface gate (allowTailscaleHeaderAuth, default false) in gateway auth.
• Enabled tokenless Tailscale header auth only for Control UI websocket authentication.
• Kept HTTP gateway auth call sites on token/password auth paths.
• Added regression coverage for HTTP-vs-websocket behavior and Tailscale header handling.

Fix Commit(s)

• 356d61aacfa5b0f1d5830716ec59d70682a3e7b8

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.21) so once npm release is published, this advisory can be published directly without further field edits.

OpenClaw thanks @zpbrent for reporting.