Improper access control in OpenClaw - #VU126443

 


Published: April 17, 2026


Vulnerability identifier: #VU126443
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote attacker to access an interactive browser session surface.

The vulnerability exists due to improper access control in the sandbox noVNC helper route when handling requests without the intended bridge authentication. A remote attacker can reach the helper route to access an interactive browser session surface.


Remediation

Install the security update from the vendor's website.
