Description
OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute unauthorized navigation.
Published: 2026-05-06
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.4.10 contain an incomplete navigation guard that allows navigation actions to be initiated without the full Server-Side Request Forgery (SSRF) policy being applied. Browser-based interactions such as pressKey events and type submit flows can bypass the post-action security checks, so the application may navigate to unintended or internal URLs without verification.

Affected Systems

The affected vendor is OpenClaw and the product is the OpenClaw application built on Node.js. All releases before version 2026.4.10 are impacted, irrespective of deployment environment. Updating to any release 2026.4.10 or newer eliminates the issue.

Risk and Exploitability

The CVSS score for this vulnerability is 4.9, indicating moderate severity. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a browser context in which an attacker supplies input that triggers pressKey or type submit events, so exploitation requires UI interactions that feed untrusted input to the application. Exploitation is limited to environments that expose such UI flows, and no public exploits are documented at this time.

Generated by OpenCVE AI on May 6, 2026 at 21:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw 2026.4.10 or newer to replace the incomplete navigation guard with the fixed implementation.
  • Audit the SSRF policy enforcement to verify that all navigation events, including pressKey and type submit, are guarded before external requests are made.
  • Disable or restrict browser interactions that can invoke navigation without proper guard checks, such as removing pressKey and type submit handlers from untrusted components.


Tracking


Advisories

No advisories yet.

History

Thu, 07 May 2026 13:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 20:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute unauthorized navigation.

Type: Title
Values Removed: (none)
Values Added: OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions

Type: First Time appeared
Values Removed: (none)
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Openclaw; Openclaw openclaw

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}; cvssV4_0 {'score': 4.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-07T12:31:58.713Z

Reserved: 2026-05-01T17:00:54.537Z

Link: CVE-2026-43580

Vulnrichment

Updated: 2026-05-07T12:31:51.334Z

NVD

Status : Analyzed

Published: 2026-05-06T20:16:33.783

Modified: 2026-05-07T14:41:27.133

Link: CVE-2026-43580

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T22:15:13Z

Weaknesses