CVE-2026-43575: OpenClaw 2026.2.21 lacks noVNC helper route authentication
CVE-2026-43575
Summary
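OpenClaw versions from 2026.2.21 up to, but not including, 2026.4.10 have a weakness in the sandbox noVNC helper route: the route can be reached without bridge authentication, which lets attackers access the interactive browser session without proper permission. This could allow unauthorized access to sensitive information or actions. Update to OpenClaw 2026.4.10 or later to fix this issue.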
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| openclaw | openclaw | >= 2026.2.21, < 2026.4.10 (`cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*`) |
Original title
OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can acc...
Original description
OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.2
Vulnerability type
CWE-862
Missing Authorization
Published: 6 May 2026 · Updated: 1 Jun 2026 · First seen: 7 May 2026