
4 matches found

RedhatCVE
added 2026/05/07 8:21 p.m., 11 views

CVE-2026-43575

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00401
Exploits: 0 | References: 1
OSV
added 2026/04/17 8:8 p.m., 4 views

GHSA-92JP-89MQ-4374 OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials

Summary Sandbox noVNC helper route exposed interactive browser session credentials. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.21 = 2026.4.10 Impact The sandbox noVNC helper route could be reached without the intended bridge authentication,...

CVSS 6.9 | AI score 5.7
Exploits: 0 | References: 4
Github Security Blog
added 2026/04/17 8:8 p.m., 8 views

OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials

Summary Sandbox noVNC helper route exposed interactive browser session credentials. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.21 = 2026.4.10 Impact The sandbox noVNC helper route could be reached without the intended bridge authentication,...

AI score 5.7
Exploits: 0 | References: 4 | Affected Software: 1
Snyk
added 2026/04/17 8:8 p.m., 8 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the sandbox noVNC helper route. An attacker can gain unauthorized access to interactive browser session credentials by bypassing bridge...

CVSS 9.8 | AI score 5.7 | EPSS 0.00401
Exploits: 0 | References: 2