GHSA-jj6q-rrrf-h66h: openclaw: timing side-channel leaks shared-secret length

Published April 7, 2026

CISO Take

OpenClaw's npm package before 2026.4.2 uses early-exit length checks in several shared-secret comparison paths instead of the constant-time helper, creating a measurable timing side-channel that leaks secret length to network-adjacent attackers. While this vulnerability does not by itself enable authentication bypass, it weakens a critical cryptographic primitive in an AI agent framework already carrying 37 known CVEs — raising the probability it will be combined with other weaknesses in a multi-step attack chain. The OpenClaw ecosystem has been independently flagged for malicious third-party skills delivering credential stealers (AIID #1368), making any erosion of authentication guarantees in this package materially more concerning than the standalone CVSS score suggests. Upgrade to openclaw 2026.4.2 immediately and rotate any shared secrets that may have been exposed to untrusted networks.

Sources: GitHub Advisory ATLAS

Risk Assessment

Medium risk with elevated contextual concern. In isolation, CWE-208 requires network proximity, repeated measurement capability, and yields only partial information — the byte-length of the shared secret. However, openclaw's history of 37 CVEs and a documented malicious skills ecosystem (AIID #1368) substantially increase the probability of this weakness being chained in a broader credential-access sequence. Pipelines exposing openclaw authentication endpoints to untrusted networks or using short, low-entropy shared secrets face the highest exposure.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
openclaw	npm	<= 2026.4.1	`2026.4.2`

Do you use openclaw? You're affected.

Severity & Risk

CVSS 3.1

N/A

EPSS

N/A

Exploitation Status

No known exploitation

Sophistication

Moderate

Recommended Action

Upgrade openclaw to >= 2026.4.2 (fix commit: be10ecef770a4654519869c3641bbb91087c8c7b) — no workaround addresses the root cause.
After patching, rotate all shared secrets used with openclaw, prioritizing short or low-entropy secrets most vulnerable to length-constrained brute force.
If immediate upgrade is not possible, restrict network access to openclaw's authenticated endpoints to trusted IP ranges via firewall rules.
Audit deployed third-party openclaw skills against the AIID #1368 indicator set — malicious skills in the same ecosystem represent a co-risk with significantly higher severity than this CVE alone.

Classification

Auth Bypass Data Extraction Agent Framework AML.T0006 - Active Scanning AML.T0055 - Unsecured Credentials AML.T0106 - Exploitation for Credential Access

Compliance Impact

This CVE is relevant to:

ISO 42001

A.9.4 - System and Application Access Control — Use of Privileged Utility Programs

NIST AI RMF

MANAGE 2.4 - Residual risks from AI components are documented and managed

OWASP LLM Top 10

LLM06 - Sensitive Information Disclosure

Related AI Incidents (1)

Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

Feb 2026 Unknown threat actors distributing malicious OpenClaw skills, Unknown threat actors, Unknown malicious actors medium confidence

AIID #1368 documents malicious openclaw skills delivering credential stealers in the same package ecosystem — a weakened shared-secret comparison in openclaw's authentication layer directly complements the credential-exfiltration pathway documented in that incident, making both vulnerabilities potentially part of the same attack chain.

AIID #1368

Source: AI Incident Database (AIID)

Technical Details

NVD Description

## Summary Before OpenClaw 2026.4.2, several shared-secret comparison call sites still used early length-mismatch checks instead of the shared fixed-length comparison helper. Those paths could leak secret-length information through measurable timing differences. ## Impact The affected paths exposed a low-severity timing side channel on secret comparison. The issue did not by itself demonstrate auth bypass, but it weakened the intended constant-time handling for shared secrets. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `<= 2026.4.1` - Patched versions: `>= 2026.4.2` - Latest published npm version: `2026.4.1` ## Fix Commit(s) - `be10ecef770a4654519869c3641bbb91087c8c7b` — reuse the shared secret comparison helper at affected call sites ## Release Process Note The fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live. Thanks @kexinoh of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.

Exploitation Scenario

An adversary with network access to an openclaw-based agent service submits repeated authentication requests with candidate shared secrets of varying lengths, measuring response latency for each. The early-exit length check causes requests with incorrect-length candidates to return measurably faster, allowing the attacker to identify the exact secret length within a small number of probes. With the search space reduced to a single length class, the attacker mounts a targeted brute-force or dictionary attack. In an environment already compromised by a malicious openclaw skill (per AIID #1368), the attacker may combine leaked secret-length information with credentials harvested from agent configuration files to gain fully authenticated access to the agent's tool-calling interface.