CVSS 7.1

OpenClaw Browser Control Plane Exposed to Malicious Websites

CVE-2026-26317 GHSA-3fqr-4cg8-h96q
Summary

A vulnerability in OpenClaw and Clawdbot allows malicious websites to control a user's browser, potentially opening tabs, stopping the browser, or changing settings. This can happen if the browser control service is reachable on the same computer and the user hasn't enabled authentication. To fix this, update to the latest version of OpenClaw and Clawdbot or enable authentication for the browser control plane.

What to do
  • Update steipete openclaw to version 2026.2.14.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.14 |
| steipete | clawdbot | <= 2026.1.24-3 | |
| openclaw | openclaw | <= 2026.2.14 | |
Original title
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
Original description
## Summary
Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins.

## Impact
A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context.

## Affected Packages / Versions
- openclaw (npm): <= 2026.2.13
- clawdbot (npm): <= 2026.1.24-3

## Details
The browser control servers bind to loopback but expose mutating HTTP endpoints without a CSRF-style guard. Browsers may send cross-origin requests to loopback addresses; without explicit validation, state-changing operations could be triggered from a non-loopback Origin/Referer.

## Fix
Mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`).
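The guard described in this Fix section (and the gap described under Details), as an added illustration that is not OpenClaw's own code: a Node.js request check that rejects POST/PUT/PATCH/DELETE requests whose Origin or Referer is not a loopback origin, or whose Sec-Fetch-Site header says cross-site. The function names, the loopback host list, the port and the sample requests are assumptions constructed for this example. Requests carrying neither Origin nor Referer (for example a local CLI client) are allowed, following the advisory's wording that rejection applies when the request indicates a non-loopback origin.

```javascript
// Added example, not OpenClaw's code: a loopback CSRF guard in the spirit of the
// fix described above. Function names, host list and sample data are assumptions.

const MUTATING_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);
// Hostnames as the WHATWG URL parser reports them (IPv6 literals keep brackets).
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// True when an Origin/Referer header value names a loopback HTTP(S) origin.
function isLoopbackOrigin(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return false; // unparseable value, including the literal "null" origin: untrusted
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  return LOOPBACK_HOSTS.has(url.hostname);
}

// Decide whether a state-changing request came from a foreign browser origin.
// `headers` uses lowercase keys, as Node's http.IncomingMessage.headers does.
// Requests with neither Origin nor Referer (non-browser clients) are allowed,
// matching the advisory's "when the request indicates a non-loopback origin".
function shouldRejectCrossSiteMutation(method, headers) {
  if (!MUTATING_METHODS.has(String(method).toUpperCase())) return false;
  if (headers["sec-fetch-site"] === "cross-site") return true;
  const origin = headers["origin"];
  if (origin !== undefined) return !isLoopbackOrigin(origin);
  const referer = headers["referer"];
  if (referer !== undefined) return !isLoopbackOrigin(referer);
  return false;
}

// Middleware shape usable with Node's http module or an Express-style stack:
// answer 403 and stop the chain for rejected requests, otherwise call next().
function browserCsrfGuard(req, res, next) {
  if (shouldRejectCrossSiteMutation(req.method, req.headers)) {
    res.statusCode = 403;
    res.setHeader("content-type", "text/plain");
    res.end("cross-site mutation rejected\n");
    return;
  }
  next();
}

// Constructed sample requests; port 12345 is a placeholder, not the real service port.
const SAMPLE_REQUESTS = [
  { method: "POST", headers: { origin: "https://other-site.example" } },
  { method: "POST", headers: { "sec-fetch-site": "cross-site" } },
  { method: "POST", headers: { origin: "null" } },
  { method: "POST", headers: { origin: "http://127.0.0.1:12345" } },
  { method: "POST", headers: { referer: "http://localhost:12345/ui" } },
  { method: "POST", headers: {} },
  { method: "GET", headers: { origin: "https://other-site.example" } },
];

// Run directly to see each sample request's verdict.
if (typeof require !== "undefined" && require.main === module) {
  for (const req of SAMPLE_REQUESTS) {
    const verdict = shouldRejectCrossSiteMutation(req.method, req.headers) ? "reject" : "allow";
    console.log(`${req.method} ${JSON.stringify(req.headers)} -> ${verdict}`);
  }
}
```

The check is deliberately fail-closed on anything it cannot parse (an unparseable or `null` Origin is rejected), only ever narrows what mutating requests are accepted, and leaves safe methods untouched so a same-origin UI keeps working; it complements, rather than replaces, the token or password authentication the Workarounds section recommends.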

## Fix Commit(s)
- openclaw/openclaw: b566b09f81e2b704bf9398d8d97d5f7a90aa94c3

## Workarounds / Mitigations
- Enable browser control auth (token/password) and avoid running with auth disabled.
- Upgrade to a release that includes the fix.

## Credits
- Reporter: @vincentkoc

## Release Process Note
`patched_versions` is set to the planned next release version. Once that npm release is published, the advisory should be ready to publish with no further edits.
NVD CVSS 3.1: 7.1
Vulnerability type
CWE-352 Cross-Site Request Forgery (CSRF)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026