Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
6.3

OpenClaw Chrome Extension Relay Server Exposes Relay Endpoints to Remote Attack

CVE-2026-28395 GHSA-qw99-grcx-4pvm
Summary

The OpenClaw Chrome extension relay server has a security flaw that allows hackers to access sensitive information and disrupt the relay service. This issue affects OpenClaw version 2026.1.14-1 and earlier. To fix the issue, update to OpenClaw version 2026.2.12 or later.

What to do
  • Update steipete openclaw to version 2026.2.12.
Affected software
VendorProductAffected versionsFix available
steipete openclaw > 2026.1.14-1 , <= 2026.2.12 2026.2.12
openclaw openclaw > 2026.1.14-1 , <= 2026.2.12 –
Original title
OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension (must be installed and enabled) relay server that treats wildcard hosts as ...
Original description
OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension (must be installed and enabled) relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl is configured. Remote attackers can access relay HTTP endpoints off-host to leak service presence and port information, or conduct denial-of-service and brute-force attacks against the relay token header.
nvd CVSS3.1 6.5
nvd CVSS4.0 6.3
Vulnerability type
CWE-1327
CWE-284 Improper Access Control
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026