{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26317", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-13T16:27:51.807Z", "datePublished": "2026-02-19T21:34:27.786Z", "dateUpdated": "2026-02-20T15:41:39.603Z"}, "containers": {"cna": {"title": "OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3fqr-4cg8-h96q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3fqr-4cg8-h96q"}, {"name": "https://github.com/openclaw/openclaw/commit/b566b09f81e2b704bf9398d8d97d5f7a90aa94c3", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/commit/b566b09f81e2b704bf9398d8d97d5f7a90aa94c3"}, {"name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"version": "< 2026.2.14", "status": "affected"}]}, {"vendor": "openclaw", "product": "clawdbot", "versions": [{"version": "<= 2026.1.24-3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T21:34:27.786Z"}, "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context. Starting in version 2026.2.14, mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`). Other mitigations include enabling browser control auth (token/password) and avoid running with auth disabled."}], "source": {"advisory": "GHSA-3fqr-4cg8-h96q", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T15:27:31.698114Z", "id": "CVE-2026-26317", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T15:41:39.603Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26317", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T15:27:31.698114Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T15:27:33.425Z"}}], "cna": {"title": "OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints", "source": {"advisory": "GHSA-3fqr-4cg8-h96q", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"status": "affected", "version": "< 2026.2.14"}]}, {"vendor": "openclaw", "product": "clawdbot", "versions": [{"status": "affected", "version": "<= 2026.1.24-3"}]}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3fqr-4cg8-h96q", "name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3fqr-4cg8-h96q", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openclaw/openclaw/commit/b566b09f81e2b704bf9398d8d97d5f7a90aa94c3", "name": "https://github.com/openclaw/openclaw/commit/b566b09f81e2b704bf9398d8d97d5f7a90aa94c3", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context. Starting in version 2026.2.14, mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`). Other mitigations include enabling browser control auth (token/password) and avoid running with auth disabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T21:34:27.786Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26317", "state": "PUBLISHED", "dateUpdated": "2026-02-20T15:41:39.603Z", "dateReserved": "2026-02-13T16:27:51.807Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-19T21:34:27.786Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "0F3079A3-9FBD-4E87-821D-5CAF0622C555", "versionEndExcluding": "2026.2.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context. Starting in version 2026.2.14, mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`). Other mitigations include enabling browser control auth (token/password) and avoid running with auth disabled."}, {"lang": "es", "value": "OpenClaw es un asistente personal de IA. Antes de la versi\u00f3n 2026.2.14, las rutas de mutaci\u00f3n de localhost orientadas al navegador aceptaban solicitudes de navegador de origen cruzado sin validaci\u00f3n expl\u00edcita de Origin/Referer. La vinculaci\u00f3n de bucle invertido reduce la exposici\u00f3n remota, pero no evita las solicitudes iniciadas por el navegador desde or\u00edgenes maliciosos. Un sitio web malicioso puede desencadenar cambios de estado no autorizados contra el plano de control del navegador OpenClaw local de una v\u00edctima (por ejemplo, abrir pesta\u00f1as, iniciar/detener el navegador, mutar almacenamiento/cookies) si el servicio de control del navegador es accesible en bucle invertido en el contexto del navegador de la v\u00edctima. A partir de la versi\u00f3n 2026.2.14, los m\u00e9todos HTTP mutantes (POST/PUT/PATCH/DELETE) son rechazados cuando la solicitud indica un Origin/Referer que no es de bucle invertido (o 'Sec-Fetch-Site: cross-site'). Otras mitigaciones incluyen habilitar la autenticaci\u00f3n de control del navegador (token/contrase\u00f1a) y evitar ejecutar con la autenticaci\u00f3n deshabilitada."}], "id": "CVE-2026-26317", "lastModified": "2026-02-26T18:39:50.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-19T22:16:47.270", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openclaw/openclaw/commit/b566b09f81e2b704bf9398d8d97d5f7a90aa94c3"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3fqr-4cg8-h96q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"created": "2026-02-20T09:53:50.914212+00:00", "updated": "2026-02-20T09:53:50.914314+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$clawdbot", "openclaw$PRODUCT$openclaw"]}