OpenClaw has auth inconsistency on local Browser Extension Relay /extension endpoint
Summary When the optional Chrome extension relay is enabled, /extension accepted unauthenticated WebSocket upgrades while /json/ and /cdp required auth. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.17 - Latest published npm version at triage time: 2026.2.17 Impact Thi...
Binding to an Unrestricted IP Address
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address via ensureChromeExtensionRelayServer. An attacker can access relay HTTP endpoints from off-host locations by passing a wildcard cdpUrl, potentially...
GHSA-QW99-GRCX-4PVM OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback
Summary The Chrome extension relay ensureChromeExtensionRelayServer previously treated wildcard hosts 0.0.0.0 / :: as loopback, which could make it bind the relay HTTP/WS server to all interfaces when a wildcard cdpUrl was passed. Impact If configured with a wildcard cdpUrl, relay HTTP endpoints...
Malicious code in chrome-extension-message-relay (npm)
Source: ghsa-malware 422f9abdd9d35628def10118ea6412b99c816f1ec94c49b3596d5fb8feef5d7e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...