17 matches found
CVE-2026-42436
OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page conten...
EUVD-2026-27261
OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operation...
CVE-2026-42439
OpenClaw prior to 2026.4.10 contains a server-side request forgery policy bypass in the browser tabs action routes (/tabs/action). This allows bypassing configured SSRF protections to perform unauthorized tab navigation operations. Affected: OpenClaw; vulnerability likely affects the browser tabs...
CVE-2026-42439 OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes
OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operation...
CVE-2026-42439 OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes
OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operation...
OpenClaw Security Vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contain security vulnerabilities. These vulnerabilities stem from a bypass of the server-side request forgery policy used in browser tab operations, such as selecting a...
OpenClaw: Browser tabs action select and close routes bypassed SSRF policy
Summary Browser tabs action select and close routes bypassed SSRF policy. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The browser /tabs/action select and close branches could operate on targets without enforcing configured browser SSRF...
GHSA-RJ2P-J66C-MGQH OpenClaw: Browser tabs action select and close routes bypassed SSRF policy
Summary Browser tabs action select and close routes bypassed SSRF policy. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The browser /tabs/action select and close branches could operate on targets without enforcing configured browser SSRF...
PT-2026-37011
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A server-side request forgery (SSRF) policy bypass exists in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the...
GHSA-H9G4-589H-68XV OpenClaw has an authentication bypass in sandbox browser bridge server
Summary openclaw could start the sandbox browser bridge server without authentication. When the sandboxed browser is enabled, openclaw runs a local loopback HTTP bridge that exposes browser control endpoints (for example /profiles, /tabs, /tabs/open, /agent/). Due to missing auth wiring in the...
CVE-2026-21874
NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation wh...
EUVD-2021-6540
Malicious code in bioql PyPI...
CVE-2021-1073
NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability in the login flow when a user tries to log in by using a browser, while, at the same time, any other web page is loaded in other tabs of the same browser. In this situation, the web page can get access to the token of...
Apple fixes Mac bug that could have allowed takeover of webcams and browser tabs
A researcher has picked up a $100,500 bounty from Apple after discovering a rather nasty method of gaining control of other people’s Macs. The issue, discovered lurking in Safari by Ryan Pickren, could make use of rogue websites to perform a number of dubious actions. It begins, as so many attack...
Debian DSA-4289-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-16065 Brendon Tiszka discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2018-16066 cloudfuzzer discovered an out-of-bounds read issue in blink/webkit. - CVE-2018-16067 Zhe Jin discovered ...
Liberapay: Phishing by Navigating Browser Tabs
Hi team, I created a PR on GitHub https://github.com/liberapay/liberapay.com/pull/1127 Details Opened windows through normal hrefs with target="blank" can modify window.opener.location and replace the parent webpage with something else, even on a different origin. While this doesn't allow scri...
I keep 200+ Browser Tabs Open, and My Computer Runs Absolutely Fine. Here’s My Secret.
I don't know about your part, but I make heavy use of tabs. I currently have 200+ tabs open in my Google Chrome Web browser. And sometimes the number is even more. For me it's a daily thing, as I regularly open new tabs because of my habit of reading lots of stuff online, including cyber security...