{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/token-spoofing/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["openclaw"],"_cs_severities":["high"],"_cs_tags":["vulnerability","npm","token spoofing"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003eOpenClaw, a package published on npm, is vulnerable in versions 2026.4.21 and earlier to owner-context spoofing (tracked in this feed as token spoofing) on its MCP loopback path. The loopback handler accepts owner-context metadata from request headers, which any local client can set. A non-owner loopback client can therefore craft a request that presents it as the owner, pass the owner authorization check, and reach operations intended only for the owner. The issue was reported by @VladimirEliTokarev and fixed in version 2026.4.22. It matters to defenders because it is a local privilege escalation: a process on the same host that can reach the loopback interface gains owner-level control over the OpenClaw instance, including its configuration and data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker obtains the ability to send HTTP requests to the loopback interface of a host running OpenClaw \u0026lt;= 2026.4.21 with the MCP loopback path enabled.\u003c/li\u003e\n\u003cli\u003eAttacker crafts an HTTP request to an owner-gated MCP loopback endpoint and adds a forged \u0026ldquo;sender-owner\u0026rdquo; header claiming owner privileges.\u003c/li\u003e\n\u003cli\u003eThe vulnerable instance reads the owner context from the header without verifying it and treats the request as coming from the owner.\u003c/li\u003e\n\u003cli\u003eThe owner authorization check passes and the owner-gated operation executes.\u003c/li\u003e\n\u003cli\u003eAttacker performs unauthorized actions, such as modifying configuration or reading sensitive data, and can repeat the request at will until the instance is patched.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation gives a non-owner local client access to every operation the MCP loopback gates on the owner context. Depending on which operations that covers in a given deployment, this can mean configuration changes, exposure of sensitive data, or further malicious activity. The severity therefore depends on the permissions the \u0026ldquo;owner\u0026rdquo; context carries in the application, and can be critical where the owner controls the whole instance.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.4.22 or later; the fix is in commit 3cb1a56bfc9579a0f2336f9cfa12a8a744332a19.\u003c/li\u003e\n\u003cli\u003eMonitor for HTTP requests to MCP loopback endpoints that carry a \u0026ldquo;sender-owner\u0026rdquo; header, using the Sigma rule \u003ccode\u003eDetect OpenClaw MCP Loopback Owner Spoofing\u003c/code\u003e. Loopback traffic never leaves the host, so this must be done from the daemon\u0026rsquo;s own request logs or a host-local capture rather than from network-perimeter sensors.\u003c/li\u003e\n\u003cli\u003eInventory existing OpenClaw deployments, check each installed version against 2026.4.22, and patch vulnerable instances promptly.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"/briefs/2024-01-openclaw-token-spoofing/","summary":"A vulnerability in OpenClaw versions 2026.4.21 and earlier allows a non-owner loopback client to spoof the owner context by manipulating request headers, potentially gaining unauthorized access to owner-gated operations.","title":"OpenClaw MCP Loopback Token Spoofing Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-openclaw-token-spoofing/"}],"language":"en","title":"CraftedSignal Threat Feed — Token Spoofing","version":"https://jsonfeed.org/version/1.1"}