OpenClaw allows attackers to hijack connections and credentials
CVE-2026-26327 · GHSA-pv58-549p-qh99 · Severity: 7.1
Summary
A vulnerability in OpenClaw allows an attacker on a shared network to trick devices into connecting to a fake endpoint and accepting a fake certificate, potentially stealing login credentials. This issue affects devices that use OpenClaw on a shared or untrusted network, such as developers testing the software or users in a public Wi-Fi environment. To protect yourself, update to the latest version of OpenClaw, which has been fixed to prevent this issue.
What to do
- Update steipete openclaw to version 2026.2.14.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.14 |
| openclaw | openclaw | <= 2026.2.14 | – |
Original title
OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
Original description
## Summary
Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated.
Prior to the fix, some clients treated TXT values as authoritative routing/pinning inputs:
- iOS and macOS: used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL.
- iOS and Android: allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin.
On a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection.
## Distribution / Exposure
The iOS and Android apps are currently alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN.
CVSS can still be used for the technical (base) severity of the bug; limited distribution primarily affects environmental risk.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `<= 2026.2.13` (latest published on npm as of 2026-02-14)
- Patched: planned for `>= 2026.2.14` (not yet published at time of writing)
## Fix
- Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints.
- Discovery-provided fingerprints no longer override stored TLS pins.
- iOS/Android: first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU).
- iOS/Android: discovery-based direct connects are TLS-only.
- Android: hostname verification is no longer globally disabled (only bypassed when pinning).
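The hardened client behaviour listed above, as an added example that is not OpenClaw's own code: a pure decision function over a discovered service record, the pin stored from an earlier session, and the fingerprint of the certificate the gateway actually presents. The TXT keys are the advisory's; the record shapes, the `wss://` scheme and the action strings are assumptions of this example.

```javascript
// Added example, not code from the OpenClaw project: a client-side decision
// routine applying the fix rules above to a discovered `_openclaw-gw._tcp`
// service. The TXT keys are from the advisory; the record shapes and the
// 'action' strings are assumptions of this example.

// Normalise a SHA-256 fingerprint ("AB:CD:..." or "abcd...") for comparison.
function normalizeFp(fp) {
  return String(fp).replace(/[^0-9a-f]/gi, '').toLowerCase();
}

// svc: { srv: {target, port} | null, addresses: string[], txt: {lanHost?, tailnetDns?, gatewayPort?, gatewayTlsSha256?} }
// storedPin: fingerprint pinned in an earlier session, or null
// presentedFp: fingerprint of the leaf certificate the gateway actually presented
function decideConnection(svc, storedPin, presentedFp) {
  // Routing: the resolved SRV + A/AAAA endpoint wins. Unauthenticated TXT hints
  // (lanHost / tailnetDns / gatewayPort) are only a last-resort fallback, and
  // the decision records which source was used.
  let host, port, routing;
  if (svc.srv && Array.isArray(svc.addresses) && svc.addresses.length > 0) {
    host = svc.addresses[0];
    port = svc.srv.port;
    routing = 'resolved';
  } else {
    host = svc.txt.lanHost || svc.txt.tailnetDns;
    port = Number(svc.txt.gatewayPort);
    routing = 'txt-hint';
  }
  if (!host || !Number.isInteger(port) || port < 1 || port > 65535) {
    return { action: 'reject', reason: 'no usable endpoint' };
  }
  // Discovery-based direct connects are TLS-only; IPv6 literals get brackets.
  const url = `wss://${host.includes(':') ? `[${host}]` : host}:${port}`;
  const presented = normalizeFp(presentedFp);

  // Pinning: a stored pin is authoritative. The beacon's gatewayTlsSha256 is
  // never consulted here, so a rogue beacon cannot swap the pin.
  if (storedPin) {
    if (presented !== normalizeFp(storedPin)) {
      return { action: 'reject', reason: 'certificate does not match stored pin', url };
    }
    return { action: 'connect', url, routing };
  }
  // First contact: no silent TOFU. Hand the presented fingerprint to the UI for
  // explicit confirmation; the TXT value is only reported as a cross-check.
  const advertised = svc.txt.gatewayTlsSha256 ? normalizeFp(svc.txt.gatewayTlsSha256) : null;
  return { action: 'confirm-pin', url, routing, fingerprint: presented,
           advertisedMatches: advertised === presented };
}
```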
## Fix Commit(s)
- d583782ee322a6faa1fe87ae52455e0d349de586
## Credits
Thanks @simecek for reporting.
NVD CVSS 3.1: 6.5
NVD CVSS 4.0: 7.1
Vulnerability type
CWE-345
References
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14 (Product Release Notes)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-pv58-549p-qh99 (Patch, Vendor Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2026-26327
- https://github.com/advisories/GHSA-pv58-549p-qh99
- https://github.com/openclaw/openclaw/commit/d583782ee322a6faa1fe87ae52455e0d349d... (Patch)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026