macOS OpenClaw Allows Attackers to Steal User Credentials
GHSA-q9w8-cf67-r238
Summary
A vulnerability in the macOS OpenClaw package allows an attacker on the same network as the user to pose as a trusted DNS authority and steal the user's login credentials. This requires the attacker to trick a trusted device on the network into supplying false discovery information. Users should update to the latest version of OpenClaw (version 2026.3.31) to fix this issue.
What to do
- Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.28 | 2026.3.31 |
Original title
OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration
Original description
## Summary
macOS Wide-Area Discovery Accepts Arbitrary Tailnet Peer as DNS Authority and Exfiltrates Operator Credentials
## Current Maintainer Triage
- Status: narrow
- Normalized severity: medium
- Assessment: Real shipped macOS discovery steering bug, but exploitation needs same-tailnet position, a CA-trusted endpoint, and user selection, so medium not high.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `a23c33a681f8c1b22dc793995acc4c5c4b568346` — 2026-03-31T10:04:11+01:00
OpenClaw thanks @nexrin for reporting.
CVSS 4.0 score (GHSA): 7.1
Vulnerability type
CWE-346
CWE-350
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026