Skip to main content

OpenClaw CVE-2026-43577

| EUVDEUVD-2026-28166 HIGH
Missing Authorization (CWE-862)
2026-05-06 disclosure@vulncheck.com
7.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
May 06, 2026 - 21:03 EUVD
Source Code Evidence Fetched
May 06, 2026 - 20:33 vuln.today
Analysis Generated
May 06, 2026 - 20:33 vuln.today
CVE Published
May 06, 2026 - 20:16 nvd
HIGH 7.1

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.4.9.

DescriptionCVE.org

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions.

AnalysisAI

Arbitrary file read in OpenClaw before 2026.4.9 allows authenticated remote attackers to bypass navigation guards and access local files via browser interaction routes. Attackers exploit the ability to trigger navigation into the local Chrome DevTools Protocol (CDP) origin through act/evaluate commands, then create or read disallowed file:// URLs despite direct navigation policy restrictions. Patch available in version 2026.4.9 and confirmed included in npm release 2026.4.14. No public exploit code identified at time of analysis, CVSS 7.1 (High) with network attack vector and low complexity.

Technical ContextAI

OpenClaw is a browser automation framework utilizing the Chrome DevTools Protocol (CDP) for programmatic control. The vulnerability stems from CWE-862 (Missing Authorization) in the navigation guard implementation. When browser interaction primitives (click, evaluate, batched actions) trigger main-frame navigations, the original implementation failed to re-validate destination URLs against configured SSRF quarantine policies. This allowed attackers to pivot from permitted origins into the local CDP control plane (typically http://127.0.0.1:9222) and subsequently navigate to file:// scheme URLs. The CDP origin provides elevated local access capabilities that should be protected by the navigation policy but were bypassed through the interaction-driven navigation path. The fix implements post-interaction URL validation by registering framenavigated event listeners that invoke assertPageNavigationCompletedSafely after browser interactions complete, ensuring all navigation paths enforce the same security policy.

RemediationAI

Upgrade OpenClaw to version 2026.4.9 or later. The npm package openclaw@2026.4.14 contains the verified fix. Patch delivered via GitHub commit 5f5b3d733bdd791cb457f838514179e1288b10b3 and pull request #63226, which implements post-navigation URL validation in browser interaction routes. Organizations unable to upgrade immediately should implement compensating controls: restrict OpenClaw API access to highly trusted users only, apply network segmentation to prevent CDP endpoint access from OpenClaw processes (block outbound connections to 127.0.0.1:9222 and similar CDP ports), and enable comprehensive audit logging of all browser.click, browser.evaluate, and batch interaction commands to detect potential abuse attempts. Note that blocking CDP access may break legitimate automation workflows that require devtools interaction. Review authentication mechanisms for OpenClaw instances and ensure multi-factor authentication where feasible. Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-qmwg-qprg-3j38, Fix PR: https://github.com/openclaw/openclaw/pull/63226.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-43577 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy