CVE-2026-32897

Description

## Vulnerability OpenClaw reused `gateway.auth.token` (and `gateway.remote.token`) as a fallback hash secret for owner-ID prompt obfuscation when `commands.ownerDisplay=hash` and `commands.ownerDisplaySecret` was unset. This created secret dual-use between gateway authentication and prompt metadata hashing. ## Impact - Auth-secret dual-use across security domains (gateway auth and prompt metadata hashing). - Hash outputs are visible to third-party model providers in system prompts. - No direct plaintext token disclosure. - Practical risk is highest when operators use weak gateway tokens and leave owner hash secret unset. ## Affected Packages / Versions - Package: `openclaw` (npm) - Latest affected published version: `2026.2.21-2` - Vulnerable range: `<= 2026.2.21-2` - Patched version (planned next release): `2026.2.22` ## Affected Components - `src/agents/cli-runner/helpers.ts` - `src/agents/pi-embedded-runner/run/attempt.ts` - `src/agents/pi-embedded-runner/compact.ts` ## Remediation - Added a shared owner-display resolver and secret-generation helper. - Removed fallback to `gateway.auth.token` and `gateway.remote.token`. - Auto-generates and persists a dedicated `commands.ownerDisplaySecret` when hash mode is enabled and secret is missing. ## Fix Commit(s) - c99e7696e6893083b256f0a6c88fb060f3a76fb7 ## Release Process Note `patched_versions` is pre-set to the planned next release (`2026.2.22`). Once npm release `2026.2.22` is published, this advisory only needs to be published. OpenClaw thanks @aether-ai-agent for reporting.

How to fix CVE-2026-32897

To remediate CVE-2026-32897, upgrade the affected package to a fixed version below.

• —upgrade to 2026.2.22 or later

Is CVE-2026-32897 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2026.2.22