@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +22 more potentially affected by CVE-2026-43577 via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-43577 Source advisory: SNYK:JS-OPENCLAW-16438147...

CVE-2026-43577

OpenClaw is affected by a file-read vulnerability prior to version 2026.4.9. The issue allows an attacker to bypass navigation guards via browser act/evaluate interactions, pivot into the local CDP origin, and create or read disallowed file:// pages despite navigation policy restrictions. Impact ...