8 matches found
GHSA-F5FM-9JMP-C88R Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...
Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...
CVE-2026-41372
OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose...
CVE-2026-41372
OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose...
EUVD-2026-25952
OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose...
CVE-2026-41372 OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery
OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose...
CVE-2026-41372 OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery
OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose...
GHSA-FH32-73R9-RGH5 OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Summary Before OpenClaw 2026.4.2, remote CDP discovery could return a trailing-dot localhost host such as localhost. and bypass OpenClaw's loopback-host normalization. That let a non-loopback remote CDP profile pivot the follow-up connection back onto localhost. Impact A hostile discovery respons...