PT-2026-20370 · Google+2 · Android+3
Simecek · Published 2026-02-18 · Updated 2026-02-23
CVE-2026-26327
CVSS v4.0: 7.1 (High)
Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14
Description: OpenClaw is a personal AI assistant that uses discovery beacons (Bonjour/mDNS and DNS-SD) carrying TXT records such as lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256. These TXT records are unauthenticated. Prior to version 2026.2.14, clients treated these TXT values as authoritative for routing and TLS pinning. Specifically, the iOS and macOS clients used the lanHost and tailnetDns host hints and the gatewayPort value to construct the connection URL, and the iOS and Android clients allowed the gatewayTlsSha256 fingerprint from discovery to override previously stored TLS pins. An attacker on a shared or untrusted LAN could advertise a rogue _openclaw-gw._tcp service, potentially causing clients to connect to an attacker-controlled endpoint and accept an attacker certificate. This could lead to the exfiltration of Gateway credentials, including auth.token and auth.password, during the connection process. The impact is primarily limited to developers, testers, and clients relying on discovery on shared or untrusted LANs.
Recommendations: Update OpenClaw to version 2026.2.14 or later.
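The description above amounts to a trust-boundary error: values from an unauthenticated mDNS/DNS-SD beacon were allowed to rewrite the one thing that is supposed to anchor trust, the stored TLS pin. The following is a constructed Python model added here to illustrate that boundary; it is not OpenClaw's code and does not reproduce the actual 2026.2.14 fix. resolve_vulnerable follows the pre-fix behaviour as the advisory states it; resolve_hardened is this editor's suggested treatment, in which beacon fields are hints only and the stored pin wins. The gateway id, the wss:// scheme, the port 18789 and all certificate bytes are assumptions or constructed sample data, not values from the advisory.

```python
"""Constructed model of how a client should treat unauthenticated discovery
beacons. The "vulnerable" function follows the advisory text; the hardened one
is an editor's suggestion, not OpenClaw's actual fix."""
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from typing import Optional

HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")  # bare hostname/IP, no scheme or path
SHA256_HEX_RE = re.compile(r"^[0-9a-f]{64}$")


def parse_txt(records: list[str]) -> dict[str, str]:
    """Split DNS-SD TXT entries ("key=value") into a dict; first key wins, as in RFC 6763."""
    out: dict[str, str] = {}
    for rec in records:
        key, sep, value = rec.partition("=")
        if sep and key and key not in out:
            out[key] = value
    return out


@dataclass
class PinStore:
    """Per-gateway TLS pins learned at pairing time (gateway id -> SHA-256 hex of the cert).
    The gateway id as a stable pairing identifier is an assumption of this model."""
    pins: dict[str, str] = field(default_factory=dict)

    def get(self, gateway_id: str) -> Optional[str]:
        return self.pins.get(gateway_id)

    def set(self, gateway_id: str, fingerprint: str) -> None:
        self.pins[gateway_id] = fingerprint


class PinMismatch(Exception):
    """Advertised fingerprint differs from the stored pin; refuse and surface to the user."""


class PairingRequired(Exception):
    """No pin stored for this gateway; the fingerprint must be confirmed out of band."""


def resolve_vulnerable(gateway_id: str, txt: dict[str, str], store: PinStore) -> tuple[str, Optional[str]]:
    """Pre-2026.2.14 behaviour as the advisory describes it: host, port and
    fingerprint from the beacon are authoritative, and gatewayTlsSha256
    silently replaces the previously stored pin."""
    host = txt.get("lanHost") or txt.get("tailnetDns")
    port = txt.get("gatewayPort", "443")
    advertised = txt.get("gatewayTlsSha256")
    if advertised:
        store.set(gateway_id, advertised)  # a rogue beacon rewrites the trust anchor
    return f"wss://{host}:{port}", store.get(gateway_id)  # wss:// scheme is assumed


def resolve_hardened(gateway_id: str, txt: dict[str, str], store: PinStore) -> tuple[str, str]:
    """Hardened variant: beacon fields are unauthenticated hints. The stored pin
    is the only trust anchor; a differing advertised value is a mismatch, not
    an update; with no stored pin the caller must run explicit pairing."""
    host = txt.get("lanHost") or txt.get("tailnetDns") or ""
    if not HOST_RE.match(host):
        raise ValueError("discovery host hint is malformed")
    port = txt.get("gatewayPort", "443")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("discovery port hint is out of range")
    advertised = txt.get("gatewayTlsSha256", "").lower()
    if advertised and not SHA256_HEX_RE.match(advertised):
        raise ValueError("discovery fingerprint hint is malformed")
    stored = store.get(gateway_id)
    if stored is None:
        raise PairingRequired(advertised)
    if advertised and not hmac.compare_digest(advertised, stored):
        raise PinMismatch(f"beacon advertises {advertised[:12]}..., stored pin is {stored[:12]}...")
    return f"wss://{host}:{port}", stored


def cert_matches_pin(pin_hex: str, presented_cert_der: bytes) -> bool:
    """At TLS handshake time the presented leaf certificate must hash to the pin;
    a wrong host hint then yields a refused connection, not a credential leak."""
    digest = hashlib.sha256(presented_cert_der).hexdigest()
    return hmac.compare_digest(digest, pin_hex.lower())


if __name__ == "__main__":
    # Constructed sample: a pin learned at pairing, then a rogue beacon on the LAN.
    pairing_pin = hashlib.sha256(b"constructed-real-gateway-cert").hexdigest()
    rogue = parse_txt(["lanHost=10.0.0.66", "gatewayPort=18789",
                       "gatewayTlsSha256=" + hashlib.sha256(b"constructed-rogue-cert").hexdigest()])
    print("vulnerable:", resolve_vulnerable("gw-1", rogue, PinStore({"gw-1": pairing_pin})))
    try:
        resolve_hardened("gw-1", rogue, PinStore({"gw-1": pairing_pin}))
    except PinMismatch as e:
        print("hardened refused:", e)
```

The point of the hardened path is that nothing in the beacon can lower the client's security state: host and port hints only choose where to attempt a handshake, and cert_matches_pin then decides whether credentials are ever sent. A first-contact pairing flow that confirms the fingerprint with the user (or fetches it over an already-authenticated channel) would raise PairingRequired into a deliberate step rather than a silent trust-on-first-use.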

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2026-26327
GHSA-PV58-549P-QH99

Affected Products

Android
OpenClaw
iOS
Apple macOS