Improper input validation in OpenClaw - #VU125179

 

Improper input validation in OpenClaw - #VU125179

Published: April 8, 2026


Vulnerability identifier: #VU125179
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote attacker to influence CLI routing.

The vulnerability exists due to improper endpoint validation in bonjour and DNS-SD discovery handling when processing TXT-only discovery metadata after service resolution fails. A remote attacker can advertise specially crafted discovery metadata to influence CLI routing.

The issue occurs when unresolved TXT host and port hints are used to choose the target despite failed service resolution.


Remediation

Install security update from vendor's website.

Sources