
OpenClaw CVE-2026-43581

EUVD-2026-28175 | CRITICAL
Initialization of a Resource with an Insecure Default (CWE-1188)
2026-05-06 | disclosure@vulncheck.com
CVSS 4.0 base score: 9.0

CVSS Vector (NVD)

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Patch available: May 06, 2026 - 21:03 (EUVD)
Source Code Evidence Fetched: May 06, 2026 - 20:34 (vuln.today)
Analysis Generated: May 06, 2026 - 20:34 (vuln.today)
CVE Published: May 06, 2026 - 20:16 (nvd)

Description (NVD)

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration.

Analysis (AI)

Chrome DevTools Protocol exposure in OpenClaw sandbox browser allows adjacent network attackers to remotely control sandboxed Chrome instances and access sensitive data. The CDP relay binds to 0.0.0.0 without source IP restrictions in versions before 2026.4.10, enabling attackers on the same Docker network to bypass sandbox isolation and execute arbitrary JavaScript in browser contexts. …


Remediation (AI)

Within 24 hours: Inventory all OpenClaw deployments and document current versions; isolate OpenClaw Docker containers to restricted networks only (disable 0.0.0.0 binding or implement host firewall rules). Within 7 days: Upgrade all instances to OpenClaw v2026.4.10 or later per vendor advisory. …
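The inventory and isolation steps above come down to one question per container: which listeners are bound to a wildcard address and therefore reachable from every container on the same Docker network? The following is an added example, not OpenClaw's code and not taken from the advisory. It parses `ss -ltn` style output (the sample lines are constructed), flags non-loopback binds, and shows what a secure-by-default bind selection looks like in contrast to an insecure default of 0.0.0.0. Port 9222 is assumed here as the conventional Chrome DevTools port; the advisory does not state which port the relay uses.

```python
"""Audit TCP listeners for wildcard binds (the CWE-1188 pattern behind this CVE).

Added example, not OpenClaw code. SAMPLE_SS_OUTPUT is a constructed imitation
of `ss -ltn` output; port 9222 is an assumption (the usual CDP port).
"""
import ipaddress

# Constructed sample: what `ss -ltn` might print inside a sandbox container.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*
LISTEN 0      511    0.0.0.0:9222        0.0.0.0:*
LISTEN 0      511    [::]:9222           [::]:*
LISTEN 0      128    [::1]:6379          [::]:*
"""


def split_host_port(local):
    """Split an ss 'Local Address:Port' field into (host, port).

    Handles bracketed IPv6 ('[::]:9222') as well as plain IPv4 ('0.0.0.0:9222').
    """
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)


def bind_exposure(host):
    """Classify a bind address as 'loopback', 'wildcard' or 'specific'.

    A wildcard bind (0.0.0.0 or ::) accepts connections on every interface, so on
    a shared Docker network every neighbouring container can reach the service.
    """
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:
        return "wildcard"
    if addr.is_loopback:
        return "loopback"
    return "specific"


def audit_listeners(ss_output):
    """Return (host, port, exposure) for every listener not confined to loopback."""
    findings = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        exposure = bind_exposure(host)
        if exposure != "loopback":
            findings.append((host, port, exposure))
    return findings


def default_bind_host(configured=None):
    """Secure-by-default bind selection (design choice of this example).

    An unset value resolves to loopback instead of 0.0.0.0, and a wildcard is
    rejected outright so that exposing the service beyond the host has to be an
    explicit decision paired with a network restriction.
    """
    host = configured or "127.0.0.1"
    if bind_exposure(host) == "wildcard":
        raise ValueError(
            f"refusing wildcard bind {host}; bind a specific interface or loopback"
        )
    return host


if __name__ == "__main__":
    for host, port, exposure in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {port} bound to {host} ({exposure})")
    print("default bind:", default_bind_host())
```

Run inside the container (or against `docker exec <container> ss -ltn` output) and treat every `wildcard` finding on a sandbox-internal service as a candidate for rebinding to loopback or for a host firewall rule; the `specific` class covers services deliberately bound to one interface, which still merit a look at who can reach that interface.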



CVE-2026-43581 vulnerability details – vuln.today
