Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
macOS OpenClaw App Allows Hackers to Steal Credentials
GHSA-q9w8-cf67-r238
Summary
A vulnerability in the OpenClaw app on macOS allows hackers to impersonate a trusted DNS server and steal sensitive user credentials. This can happen if the attacker is on the same network as the user and the user has authorized a trusted server. Users who use OpenClaw version 2026.3.28 or earlier should update to version 2026.3.31 or later to fix the issue.
What to do
- Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.31 | 2026.3.31 |
Original title
OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration
Original description
## Summary
macOS Wide-Area Discovery Accepts Arbitrary Tailnet Peer as DNS Authority and Exfiltrates Operator Credentials
## Current Maintainer Triage
- Status: narrow
- Normalized severity: medium
- Assessment: Real shipped macOS discovery steering bug, but exploitation needs same-tailnet position, a CA-trusted endpoint, and user selection, so medium not high.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `a23c33a681f8c1b22dc793995acc4c5c4b568346` — 2026-03-31T10:04:11+01:00
OpenClaw thanks @nexrin for reporting.
macOS Wide-Area Discovery Accepts Arbitrary Tailnet Peer as DNS Authority and Exfiltrates Operator Credentials
## Current Maintainer Triage
- Status: narrow
- Normalized severity: medium
- Assessment: Real shipped macOS discovery steering bug, but exploitation needs same-tailnet position, a CA-trusted endpoint, and user selection, so medium not high.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `a23c33a681f8c1b22dc793995acc4c5c4b568346` — 2026-03-31T10:04:11+01:00
OpenClaw thanks @nexrin for reporting.
osv CVSS4.0
7.8
Vulnerability type
CWE-346
CWE-350
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026