CVE-2026-10617
Description
GoClaw versions prior to 3.11.3 allow unauthenticated remote access to admin endpoints and forged webhook execution due to missing authentication checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A security vulnerability exists in nextlevelbuilder GoClaw up to version 3.11.3, specifically within the resolveAuth function in internal/http/auth.go. The issue arises when security secrets, such as GOCLAW_GATEWAY_TOKEN, are left unset. In this state, the authentication resolver incorrectly treats requests without a bearer token as authenticated RoleAdmin callers, enabling remote exploitation.
Exploitation
An attacker can exploit this vulnerability by sending unauthenticated HTTP requests to the GoClaw server when the GOCLAW_GATEWAY_TOKEN is empty. This allows them to invoke sensitive operator and admin HTTP endpoints, such as /v1/tools/invoke and /v1/mcp/servers. Additionally, if webhook verification secrets are unset, attackers can forge webhook payloads, bypassing signature and token verification to have them accepted as trusted events [1].
Impact
Successful exploitation grants attackers unauthenticated remote access to sensitive administrative endpoints and the ability to execute arbitrary commands or operations with RoleAdmin privileges. Furthermore, forged webhook payloads can lead to the execution of unintended actions or data manipulation, compromising the integrity and security of the system [1].
Mitigation
GoClaw versions 3.11.3 and later address this vulnerability. It is recommended to upgrade to a patched version as soon as possible. If immediate patching is not feasible, ensure that all security secrets, including GOCLAW_GATEWAY_TOKEN and webhook verification secrets, are securely configured and not left unset to prevent the fail-open conditions [1]. No end-of-life status or KEV listing is available in the provided references.
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.11.3
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The authentication resolver incorrectly grants administrative privileges when security secrets are not configured."
Attack vector
An unauthenticated remote attacker can exploit this vulnerability by sending a direct HTTP request to sensitive endpoints without an Authorization header. This is possible if the `GOCLAW_GATEWAY_TOKEN` is unset or empty, causing the `resolveAuth` function to treat the request as authenticated with administrative privileges [ref_id=1]. Additionally, webhook handlers for Feishu and Pancake will skip signature and token verification if their respective secrets are not configured, allowing forged webhook payloads to be accepted as trusted events [ref_id=1].
Affected code
The vulnerability lies within the `resolveAuth` function in `internal/http/auth.go`, which contains a conditional branch that grants administrative access when `pkgGatewayToken` is empty. This same resolver is used by administrative HTTP routes such as `/v1/tools/invoke` and `/v1/mcp/servers`. Additionally, webhook handlers in `internal/channels/feishu/larkevents.go` and `internal/channels/pancake/webhook_handler.go` exhibit similar fail-open behavior when verification secrets are not configured [ref_id=1].
What the fix does
The advisory indicates that the vulnerability is addressed by ensuring that security secrets are properly configured. Specifically, the `resolveAuth` function should not grant administrative access when the `pkgGatewayToken` is empty, and webhook handlers must enforce token and signature verification even when secrets are unset [ref_id=1]. The patch is not explicitly detailed, but the guidance implies that the fail-open logic in `resolveAuth` and webhook verification must be removed or corrected.
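As an added illustration of the fix described above (constructed code, not GoClaw's own; the names `resolveAuth`, `RoleAdmin` and the gateway-token setting come from the advisory, the function bodies and the `Role` type are assumptions), the fail-open branch beside the fail-closed form the guidance calls for:

```go
package main

import (
	"crypto/subtle"
	"strings"
)

// Role is a constructed stand-in for GoClaw's caller roles.
type Role int

const (
	RoleNone Role = iota
	RoleAdmin
)

// bearerToken returns the token from an "Authorization: Bearer <token>" value, or "".
func bearerToken(authHeader string) string {
	if !strings.HasPrefix(authHeader, "Bearer ") {
		return ""
	}
	return strings.TrimSpace(strings.TrimPrefix(authHeader, "Bearer "))
}

// resolveAuthFailOpen has the shape the advisory describes: an unset gateway
// token (GOCLAW_GATEWAY_TOKEN empty) makes every request, even one with no
// Authorization header, resolve to RoleAdmin.
func resolveAuthFailOpen(gatewayToken, authHeader string) Role {
	if gatewayToken == "" {
		return RoleAdmin // the bug: "no secret configured" is read as "no auth needed"
	}
	if subtle.ConstantTimeCompare([]byte(bearerToken(authHeader)), []byte(gatewayToken)) == 1 {
		return RoleAdmin
	}
	return RoleNone
}

// resolveAuthFailClosed is the corrected shape: an unset secret never yields
// admin, and only a bearer token matching the configured one does.
func resolveAuthFailClosed(gatewayToken, authHeader string) Role {
	tok := bearerToken(authHeader)
	if gatewayToken == "" || tok == "" {
		return RoleNone
	}
	if subtle.ConstantTimeCompare([]byte(tok), []byte(gatewayToken)) == 1 {
		return RoleAdmin
	}
	return RoleNone
}
```

The same fail-closed rule applies to the Feishu and Pancake webhook handlers: an unset signing secret should cause the event to be rejected, not cause verification to be skipped. A startup check that refuses to serve admin routes while the gateway token is empty removes the unset state altogether.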
Preconditions
- config: The `GOCLAW_GATEWAY_TOKEN` must be unset or empty.
- config: For webhook exploitation, the Feishu or Pancake webhook verification secret must be unset.
- network: The HTTP listener must be exposed and reachable by the attacker.
Reproduction
The advisory provides Python scripts for reproduction. First, deploy GoClaw with an empty gateway token and run `poc_exploit.py` pointing to the HTTP listener. This script sends a POST request to `/v1/tools/invoke` without an Authorization header, which should be accepted and execute a tool. Second, configure a Feishu or Pancake channel without a verification secret and run `poc_webhook.py` pointing to the webhook URL. This script sends a forged webhook event, which should be accepted with an HTTP 200 status code [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References