Main Vulnerability Database Vulnerabilities #VU128589

Improper access control in OpenClaw - #VU128589

Published: April 30, 2026

Vulnerability identifier: #VU128589

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: OpenClaw

Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote attacker to access the Chrome DevTools Protocol outside the intended local or sandbox source range.

The vulnerability exists due to improper access control in the sandbox browser CDP relay when handling DevTools protocol connections. A remote attacker can connect to the exposed relay interface to access the Chrome DevTools Protocol outside the intended local or sandbox source range.

Remediation

Install security update from vendor's website.

Sources

https://github.com/openclaw/openclaw/security/advisories/GHSA-525j-hqq2-66r4
https://github.com/openclaw/openclaw/pull/61404

Improper access control in OpenClaw - #VU128589

Detailed vulnerability description

Remediation

Sources

Please verify you're human