Description
OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting session state and consuming budget.
Published: 2026-04-28
Score: 2.1 Low (CVSS v4.0 base score; the CVSS v3.1 vector on this record scores 4.6 Medium)
EPSS: n/a
KEV: No
Impact: Unauthorized agent request dispatch
Action: Patch
AI Analysis

Impact

The vulnerability in OpenClaw's iOS A2UI bridge lets an attacker-controlled web page dispatch agent.request runs that the user never authorized. Because the bridge treats generic local-network pages as trusted origins, any page served from a host on the local network or tailnet is accepted as a legitimate source of agent.request calls. The result is polluted session state and consumed budget; the record does not describe code execution or access to protected data. The weakness is classified as CWE-346 (Origin Validation Error).

Affected Systems

Versions of OpenClaw prior to 2026.4.2 are affected. The issue resides in the iOS A2UI bridge component, which decides trust from a page's origin without validating that origin against an explicit list of trusted sources. Any deployment in which the bridge loads pages from local-network or tailnet hosts is exposed, since the attacker only needs to serve a page from such a host and have the user load it.

Risk and Exploitability

The score of 2.1 is the CVSS v4.0 base score (CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N); the CVSS v3.1 vector on this record (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) scores 4.6 Medium. EPSS data is not available and the vulnerability is not listed in CISA's KEV catalog, so there is no evidence of exploitation in the wild at present. The attack vector is adjacent (AV:A): the attacker must be able to serve a page from a host on the victim's local network or tailnet, and the victim must load that page through the A2UI bridge (UI:P / UI:R). No authentication is required (PR:N), but the attack is not reachable from the open Internet without that network adjacency. Impact is confined to the integrity and availability of the agent session (C:N, I:L, A:L): polluted session state and consumed budget, not data disclosure or code execution.

Generated by OpenCVE AI on April 29, 2026 at 01:23 UTC.

Remediation

No vendor advisory or workaround is linked from this record. The description names 2026.4.2 as the first version that is not affected.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.2 or later, the first version the description names as not affected, so the A2UI bridge no longer treats generic local-network pages as trusted origins.
  • Until the upgrade is applied, avoid loading local‑network or tailnet pages through the A2UI bridge, and treat only explicitly allowlisted origins as trusted. A host being on the LAN or tailnet is not evidence that its content is trustworthy, since any peer on that network can serve a page.
  • Monitor bridge and session logs for agent.request dispatches whose page origin is not on the trusted list, and alert on them. Unexpected budget consumption and unexplained changes to session state are the observable symptoms of this issue.


Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting session state and consuming budget.
Title | | OpenClaw - Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-346
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | | 
Metrics | | cvssV3_1: {'score': 4.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}
Metrics | | cvssV4_0: {'score': 2.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-29T12:17:40.590Z

Reserved: 2026-04-20T14:13:45.349Z

Link: CVE-2026-41398

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:37:43.287

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-41398

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T01:30:06Z

Weaknesses