GoClaw Unauthenticated RCE via Heartbeat Command Injection

Vulnerability Summary: Unauthenticated Log Subscription and Command Injection in GoClaw Heartbeat Execution Flow Vulnerability Overview Title: Critical: Unauthenticated log subscription and command injection in heartbeat execution flow #866 Severity: Critical (CVSS 3.1 Score: 10.0) Type: Unauthenticated Remote Code Execution (RCE) Core Logic: The Gateway in GoClaw has a flaw in its authentication logic. When a client connects, if the provided Bearer Token is invalid, expired, or missing, the server does not reject the connection but silently falls back to an “unauthenticated context.” Meanwhile, the RBAC permission engine adopts a default-allow policy for unclassified RPC methods. This allows an attacker to access specific interfaces without credentials and inject malicious commands via the heartbeat execution flow. Impact Scope Affected Components: Gateway/Connect (Authentication Interceptor / Middleware) Authorization/RBAC (Permission Policy Engine) ApiChannels/Instances (Instance Listing RPC) ApiLogs (Log Streaming RPC) Heartbeat/Runner (Heartbeat Execution Engine) Attack Path: 1. Establish a “degraded” view session (no valid credentials required). 2. List all registered agents and obtain their UUIDs. 3. Inject malicious content into the endpoint to confirm liveness. 4. Trigger the Heartbeat Runner, injecting attacker-controlled content into the agent’s execution context (specifically ). 5. Leverage the agent’s capability (if enabled) to achieve arbitrary command execution on the underlying host. Remediation Plan 1. Reject Unauthenticated Connections (Critical): Modify the Connect Interceptor to strictly close the connection or return an unauthenticated status; do not fall back to a default view context. 2. Enforce Default Deny (Critical): Change the RBAC policy to default deny. RPC methods must be explicitly marked as allowed unless they are intentionally public. 3. Authorize Heartbeat Scope: Heartbeat write operations ( ) must be restricted to or scopes; view roles must not have access. 4. Input Sanitization: The Heartbeat Runner should treat content from the heartbeat service as untrusted data, executing it in a sandboxed environment or strictly validating prompts. 5. Mask Sensitive Identifiers**: The endpoint should return non-sensitive Alias or Fingerprint instead of internal UUIDs. POC Code/Exploit Code

Goal Reached Thanks to every supporter — we hit 100%!

GoClaw Unauthenticated RCE via Heartbeat Command Injection

More from this source