Johnatzeropath

#31389 of 53,625
8.1 Total CVSS
Vulnerabilities · 1
PT-2026-23535
8.1
2026-02-17
Moltbot · Moltbot · CVE-2026-28458
**Name of the Vulnerable Software and Affected Versions**

- OpenClaw versions 2026.1.20 through 2026.2.0
- moltbot versions 0.1.0 and earlier

**Description**

The Browser Relay `/cdp` WebSocket endpoint did not require authentication, allowing websites to connect via loopback and access sensitive data. Attackers can connect to `ws://127.0.0.1:18792/cdp` to steal session cookies and execute JavaScript in other browser tabs. Users must have the Browser Relay extension installed and active, and must visit an untrusted site for exploitation to occur.

The vulnerable component exposes a local WebSocket endpoint for forwarding Chrome DevTools Protocol (CDP) messages. The `/cdp` upgrade path verified that the TCP peer was loopback, but it did not require a shared secret and did not block browser-initiated cross-origin requests.

**Recommendations**

Update to OpenClaw version 2026.2.1 or later. If you cannot update immediately, disable the Browser Relay extension or relay server and avoid visiting untrusted sites.