Description
OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions.
Published: 2026-05-06
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before 2026.4.9 contains a file read vulnerability: the policy that refuses direct navigation to file:// URLs is not applied to navigations triggered through the browser act/evaluate interaction routes. An attacker who can drive those routes can pivot into the local CDP (Chrome DevTools Protocol) origin and create or read disallowed file:// pages, which amounts to unauthorized read access to files on the host running OpenClaw's browser.

Affected Systems

The vulnerability affects OpenClaw versions earlier than 2026.4.9. The CPE recorded for the CVE (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*) identifies OpenClaw running on the Node.js platform; no lower bound on affected versions is given beyond the 2026.4.9 cutoff.

Risk and Exploitability

The CVSS 4.0 score of 7.1 (High; the CVSS 3.1 vector scores 6.5, Medium) reflects a high confidentiality impact with no integrity or availability impact. Both vectors are AV:N/PR:L/UI:N: network-reachable, requiring low privileges (a caller already able to issue browser act/evaluate interactions) and no user interaction. EPSS is below 1% and the vulnerability is not listed in CISA KEV. The attack vector is the browser interaction routes themselves: a caller whose direct file:// navigation is refused by policy instead runs act/evaluate interactions that navigate the page into the local CDP origin or onto a file:// URL, so the precondition is access to those routes, not a victim opening a crafted link or page.

Generated by OpenCVE AI on May 6, 2026 at 21:35 UTC.

Remediation

No vendor advisory or workaround is linked on this page; the CVE description ("before 2026.4.9") indicates the issue is fixed in OpenClaw 2026.4.9.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.4.9 or later to apply the vendor patch.
  • If an update is not immediately available, disable or restrict the browser act/evaluate interface so that the application cannot pivot to the local CDP origin.
  • Implement monitoring of file:// access patterns and log CDP origin activity to detect potential misuse.

Generated by OpenCVE AI on May 6, 2026 at 21:35 UTC.


Advisories

No advisories yet.

History

Wed, 06 May 2026 20:15:00 +0000

Type: Values Removed / Values Added

Description (added): OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions.
Title (added): OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes
First Time appeared (added): Openclaw; Openclaw openclaw
Weaknesses (added): CWE-862
CPEs (added): cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products (added): Openclaw; Openclaw openclaw
References (added): (empty)
Metrics (added):
  cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
  cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-06T19:49:21.091Z

Reserved: 2026-05-01T17:00:54.537Z

Link: CVE-2026-43577

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T20:16:33.377

Modified: 2026-05-06T21:21:14.220

Link: CVE-2026-43577

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T23:00:14Z

Weaknesses