#VU125179 Improper input validation in OpenClaw

 


Published: April 8, 2026


Vulnerability identifier: #VU125179
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
OpenClaw
Software vendor:
OpenClaw

Description

The vulnerability allows a remote attacker to influence CLI routing.

The vulnerability exists due to improper endpoint validation in Bonjour and DNS-SD discovery handling when processing TXT-only discovery metadata after service resolution fails. A remote attacker can advertise specially crafted discovery metadata to influence CLI routing.

The issue occurs when unresolved TXT host and port hints are used to choose the target despite failed service resolution.
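
The pattern described above, as an added illustration (not OpenClaw code and not taken from the vendor's fix): a target selector that falls back to TXT hints after failed resolution, beside one that routes only to a resolved endpoint. The record shape, function names and sample values are hypothetical and constructed for this example.

```javascript
// Added illustration; not OpenClaw code. Record shape and names are hypothetical.
// `resolved` holds the service-resolution result (null when resolution failed);
// `txt` holds the unauthenticated TXT key/value pairs from the advertisement.

// Flawed pattern: falls back to TXT host/port hints when resolution failed.
function pickEndpointUnsafe(svc) {
  if (svc.resolved) return { host: svc.resolved.host, port: svc.resolved.port };
  if (svc.txt && svc.txt.host && svc.txt.port) {
    return { host: svc.txt.host, port: Number(svc.txt.port) };
  }
  return null;
}

// Hardened pattern: only a successfully resolved endpoint is routable.
// TXT hints never choose the target; disagreement with them is reported.
function pickEndpointStrict(svc) {
  const r = svc.resolved;
  if (!r || typeof r.host !== "string" || r.host.length === 0) {
    return { ok: false, reason: "unresolved" };
  }
  if (!Number.isInteger(r.port) || r.port < 1 || r.port > 65535) {
    return { ok: false, reason: "bad-port" };
  }
  const warnings = [];
  const txt = svc.txt || {};
  if (txt.host !== undefined && txt.host !== r.host) warnings.push("txt-host-mismatch");
  if (txt.port !== undefined && Number(txt.port) !== r.port) warnings.push("txt-port-mismatch");
  return { ok: true, host: r.host, port: r.port, warnings };
}

// Constructed sample records (reserved documentation address, made-up names).
const samples = {
  resolvedOk: { resolved: { host: "gw-a.local", port: 8443 }, txt: { host: "gw-a.local", port: "8443" } },
  txtOnly: { resolved: null, txt: { host: "192.0.2.66", port: "9000" } },
  mismatch: { resolved: { host: "gw-c.local", port: 8443 }, txt: { host: "192.0.2.66", port: "9000" } },
};

for (const [label, svc] of Object.entries(samples)) {
  console.log(label, JSON.stringify(pickEndpointUnsafe(svc)), JSON.stringify(pickEndpointStrict(svc)));
}
```

The `txtOnly` record is the case the advisory describes: the flawed selector returns the advertised hint as the target, while the strict selector reports `unresolved` and returns no endpoint.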


Remediation

Install the security update from the vendor's website.
