CVE-2026-28468

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.29-beta.1 through 2026.2.13

Description The software contains a flaw in the sandbox browser bridge server that does not require gateway authentication, potentially allowing local attackers to access browser control endpoints. A local attacker could enumerate tabs, retrieve WebSocket URLs, execute JavaScript, and exfiltrate cookies and session data from authenticated browser contexts. The issue affects versions starting with 2026.1.29-beta.1. The bridge server exposes endpoints such as /profiles, /tabs, /tabs/open, and /agent/*. Exploitation is limited to the local machine, but can lead to full browser-session compromise for sandboxed browser usage. The vulnerable component is the sandbox browser bridge server.

Recommendations Upgrade to version 2026.2.14. Alternatively, disable the sandboxed browser by setting agents.defaults.sandbox.browser.enabled=false.