GHSA-G8MR-85JM-7XHM Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...

Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...

PT-2026-49576

Name of the Vulnerable Software and Affected Versions Vitest affected versions not specified Description Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the browser WebSocket RPC. This API is not restricted by the browser.api.allowWrite,...

Duplicate Advisory: OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7fh-qg34-x2xh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket...

CVE-2026-43581

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration...

CVE-2026-43581

Technical details are not publicly available in the provided documents. Monitor for updates to official advisories for specifics on affected components, impact, and remediation.

CVE-2026-43581 OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration...

CVE-2026-43577 OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...

CVE-2026-43576

OpenClaw before 2026.4.5 is affected by a server-side request forgery in the CDP /json/version WebSocket endpoint. The webSocketDebuggerUrl field is not properly validated, enabling an attacker to redirect connections to arbitrary hosts and perform SSRF-style jumps to second-hop targets. Affected...

PT-2026-38236

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description An improper network binding issue exists in the sandbox browser CDP relay, which exposes the Chrome DevTools Protocol on 0.0.0.0. This overly broad binding configuration allows attackers to acce...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were caused by improper binding of the sandbox browser CDP relay network, which may allow attackers to access the...

GHSA-F5FM-9JMP-C88R Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...

Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...

EUVD-2026-25952

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose...

Binding to an Unrestricted IP Address

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address via the CDP relay. An attacker can gain unauthorized access to the Chrome DevTools Protocol by connecting from outside the intended local or sandboxe...

GHSA-525J-HQQ2-66R4 OpenClaw: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0

Summary Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The sandbox browser CDP relay could bind too broadly, exposing Chrome DevTools Protocol access outside the intende...

CVE-2026-22174

OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the...

CVE-2026-22174

OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the...

CVE-2026-22174 OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe

OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the...

OpenClaw Loopback CDP probe can leak Gateway token to local listener

Summary A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback. Details Affected versions inject x-openclaw-relay-token for loopback CDP URLs, and CDP reachability probes send that header to /json/version. If an attacker controls the probed loopback...