A vulnerability was found in OpenClaw up to 2026.2.24 and classified as critical . This affects an unknown function of the component Inbound Message Handler . Such manipulation leads to authentication bypass by capture-replay. This vulnerability is documented as CVE-2026-28449 . The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.