EUVD-2026-13964
GHSA-cxcw-jm67-3wwp
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
5Description
OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact with the sandbox browser without credentials.
Analysis
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, allowing any attacker with access to the host's loopback interface to view or interact with sandboxed browser sessions without credentials. All OpenClaw versions prior to 2026.2.21 are affected. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenClaw installations and identify which versions are in use; assess whether any sandboxed browser sessions process sensitive or confidential data. Within 7 days: Apply vendor patch 2026.2.21 or later to all affected systems, prioritizing production environments; validate patches in a test environment before production deployment. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today