Skip to main content

OpenClaw CVE-2026-42436

| EUVDEUVD-2026-27255 MEDIUM
Missing Authorization (CWE-862)
2026-05-05 VulnCheck
4.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
May 05, 2026 - 12:37 NVD
HIGH MEDIUM
CVSS changed
May 05, 2026 - 12:37 NVD
7.7 (HIGH) 4.9 (MEDIUM)
Source Code Evidence Fetched
May 05, 2026 - 12:16 vuln.today
Analysis Generated
May 05, 2026 - 12:16 vuln.today

DescriptionCVE.org

OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by exploiting route-driven navigation without proper policy re-validation.

AnalysisAI

Authenticated users of OpenClaw (npm package) can bypass server-side request forgery (SSRF) protections to access internal or restricted web pages via browser snapshot, screenshot, and tab routes. The vulnerability exploits incomplete validation after route-driven navigation - while initial requests pass SSRF policy checks, the final browser target after navigation is not re-validated before content is captured and returned. This allows lateral movement to internal endpoints (e.g., cloud metadata services at 169.254.169.254) in environments with restrictive browser SSRF configurations. Vendor-released patch available in OpenClaw 2026.4.14. No active exploitation confirmed (not in CISA KEV), though public exploit code has not been independently verified.

Technical ContextAI

OpenClaw is a browser automation and web content capture tool distributed via npm. The vulnerability stems from CWE-862 (Missing Authorization) in the browser snapshot, screenshot, and tab route handlers. These endpoints accept authenticated requests to capture page content but failed to re-apply the configured SSRF policy after browser navigation events. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:C) indicates network-exploitable, low-complexity attacks requiring only low-privilege authentication with scope change - the browser context can access resources beyond the OpenClaw application's intended permissions. The fix (commit b75ad800a59009fc) adds policy re-validation in the navigation guard flow, checking both the final page URL and any newly opened tabs against the SSRF allowlist before returning captured content. Regression tests were added to verify that tabs opened to blocked URLs (like AWS metadata endpoints) now trigger immediate failure rather than exposing content.

RemediationAI

Upgrade the OpenClaw npm package to version 2026.4.14 or later, which includes the fix from PR #66040 (commit b75ad800a59009fc47eaa3471410f69046150e59). Install via 'npm install openclaw@2026.4.14' or update package.json dependency to '^2026.4.14'. The patch enforces SSRF policy re-validation on snapshot, screenshot, and tab routes after browser navigation completes, and adds regression tests for tab-opening scenarios. Vendor advisory confirms 2026.4.14 as the first stable release with the fix: https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj. No workarounds are documented in the advisory. If immediate patching is not feasible, implement network-layer compensating controls: restrict OpenClaw server egress to explicitly allowed domains via firewall rules, block access to private IP ranges (RFC 1918, 169.254.0.0/16, fd00::/8) and cloud metadata endpoints (169.254.169.254, metadata.google.internal) at the network perimeter, and audit authentication logs for unusual snapshot/screenshot API calls targeting internal URLs. Trade-off: egress restrictions may break legitimate browser automation workflows requiring access to internal services - test thoroughly in staging. Defense in depth: run OpenClaw in isolated network segments with no route to sensitive internal systems, and enforce principle of least privilege for service accounts used by authenticated callers.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-42436 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy