6.5
OpenClaw browser vulnerability allows file access by authenticated users
GHSA-45cg-2683-gfmq
Summary
An authenticated user with browser tool access can read local files by navigating the OpenClaw browser to file:// URLs. This exposes sensitive information (anything readable by the OpenClaw process user) to any holder of valid gateway credentials. To fix this, OpenClaw will block navigation to non-network URLs such as file:// in the next release, which is expected to be version 2026.2.21.
What to do
- Update openclaw to version 2026.2.21.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.21 | 2026.2.21 |
Original title
OpenClaw browser navigation guard allowed non-network URL schemes, enabling authenticated browser-tool users to access file:// local files
Original description
## Impact
`assertBrowserNavigationAllowed()` validated only `http:`/`https:` network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to `file://` URLs and read local files via browser snapshot/extraction flows.
## Affected Component
- `src/browser/navigation-guard.ts`
## Technical Reproduction
1. Authenticate to a gateway that has browser tooling enabled.
2. Invoke browser navigation with a `file://` URL (for example `file:///etc/passwd`).
3. Read page content through browser snapshot/extract actions.
## Demonstrated Impact
An attacker with valid gateway credentials and browser-tool access can exfiltrate local files readable by the OpenClaw process user (for example config/secrets in that user context).
## Environment
- OpenClaw browser tool enabled
- Attacker has authenticated access capable of invoking browser actions
## Remediation Advice
Reject unsupported navigation schemes and allow only explicitly safe non-network URLs. OpenClaw now blocks non-network schemes (such as `file:`, `data:`, and `javascript:`) while preserving `about:blank`.
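The following is an added illustration of the guard pattern the advisory describes, not OpenClaw's own `navigation-guard.ts`: the "before" function checks only network targets and lets every other scheme fall through, while the "after" function is default-deny on scheme and keeps only `about:blank`. The private-host check is a hypothetical stand-in for whatever network-target validation the real guard performs.

```typescript
// Illustrative navigation guard (not OpenClaw's code).
const NETWORK_SCHEMES = new Set(["http:", "https:"]);
// The only non-network URL the fixed guard explicitly keeps.
const SAFE_NON_NETWORK_URLS = new Set(["about:blank"]);

// Hypothetical stand-in for the real guard's network-target validation.
function isPrivateHost(hostname: string): boolean {
  return hostname === "localhost" || hostname === "127.0.0.1";
}

// BEFORE: only http/https targets are validated; any other scheme
// (file:, data:, javascript:, ...) is never rejected, so it is allowed.
export function assertNavigationAllowedVulnerable(url: string): void {
  const parsed = new URL(url);
  if (NETWORK_SCHEMES.has(parsed.protocol)) {
    if (isPrivateHost(parsed.hostname)) {
      throw new Error(`blocked host: ${parsed.hostname}`);
    }
  }
  // Non-network schemes fall through here untouched.
}

// AFTER: allow-list on scheme. Network targets still get the host check;
// about:blank is the one non-network URL kept; everything else is rejected.
// new URL() lowercases the scheme, so "FILE:" is handled like "file:".
export function assertNavigationAllowedFixed(url: string): void {
  const parsed = new URL(url);
  if (NETWORK_SCHEMES.has(parsed.protocol)) {
    if (isPrivateHost(parsed.hostname)) {
      throw new Error(`blocked host: ${parsed.hostname}`);
    }
    return;
  }
  if (SAFE_NON_NETWORK_URLS.has(parsed.href)) {
    return;
  }
  throw new Error(`blocked navigation scheme: ${parsed.protocol}`);
}

// Helper for checks: true if the guard lets the URL through.
// Unparseable input also counts as blocked (new URL() throws).
export function isAllowed(guard: (u: string) => void, url: string): boolean {
  try {
    guard(url);
    return true;
  } catch {
    return false;
  }
}
```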
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.19-2`
- Patched in planned next release: `2026.2.21`
## Fix Commit(s)
- `220bd95eff6838234e8b4b711f86d4565e16e401`
## Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.21`) so once npm `2026.2.21` is published, the advisory can be published directly.
OpenClaw thanks @q1uf3ng for reporting.
CVSS 3.1 (ghsa): 6.5
Vulnerability type
CWE-610
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026