PT-2026-25422 · Npm · Openclaw

Published: 2026-03-03 · Updated: 2026-03-03

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact

assertBrowserNavigationAllowed() validated only http:/https: network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to file:// URLs and read local files via browser snapshot/extraction flows.

Affected Component

  • src/browser/navigation-guard.ts

Technical Reproduction

  1. Authenticate to a gateway that has browser tooling enabled.
  2. Invoke browser navigation with a file:// URL (for example file:///etc/passwd).
  3. Read page content through browser snapshot/extract actions.

Demonstrated Impact

An attacker with valid gateway credentials and browser-tool access can exfiltrate local files readable by the OpenClaw process user (for example config/secrets in that user context).

Environment

  • OpenClaw browser tool enabled
  • Attacker has authenticated access capable of invoking browser actions

Remediation Advice

Reject unsupported navigation schemes and allow only explicitly safe non-network URLs. OpenClaw now blocks non-network schemes (such as file:, data:, and javascript:) while preserving about:blank.
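As an added illustration of the remediation described above (example code, not OpenClaw's navigation-guard.ts), the weak pattern of validating only http:/https: targets is shown next to an allowlist that parses first and rejects every non-network scheme except about:blank. Function and constant names are hypothetical, and the host blocklist callback is assumed.

```typescript
// Added example, not OpenClaw's own code: scheme allowlisting for browser
// navigation targets. Names below are hypothetical.
const NETWORK_SCHEMES = new Set(["http:", "https:"]);

export type NavigationDecision =
  | { allowed: true }
  | { allowed: false; reason: string };

// Weak check modelled on the advisory: only http/https targets get the host
// check; any other scheme falls through and is implicitly permitted.
export function weakGuard(
  target: string,
  isBlockedHost: (hostname: string) => boolean,
): NavigationDecision {
  const url = new URL(target);
  if (NETWORK_SCHEMES.has(url.protocol)) {
    return isBlockedHost(url.hostname)
      ? { allowed: false, reason: "blocked host" }
      : { allowed: true };
  }
  return { allowed: true }; // file:, data:, javascript: slip through here
}

// Hardened check: parse, then allowlist. Unparseable input and every
// non-network scheme are rejected before the host check runs; the single
// explicitly safe non-network target, about:blank, is still permitted.
export function hardenedGuard(
  target: string,
  isBlockedHost: (hostname: string) => boolean,
): NavigationDecision {
  let url: URL;
  try {
    url = new URL(target);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.href === "about:blank") {
    return { allowed: true };
  }
  if (!NETWORK_SCHEMES.has(url.protocol)) {
    return { allowed: false, reason: `unsupported scheme ${url.protocol}` };
  }
  if (isBlockedHost(url.hostname)) {
    return { allowed: false, reason: "blocked host" };
  }
  return { allowed: true };
}
```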

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.19-2
  • Patched in planned next release: 2026.2.21

Fix Commit(s)

  • 220bd95eff6838234e8b4b711f86d4565e16e401

Release Process Note

Patched versions are pre-set to the planned next release (2026.2.21), so once npm 2026.2.21 is published, the advisory can be published directly.
OpenClaw thanks @q1uf3ng for reporting.

Weakness Enumeration

Related Identifiers

GHSA-45CG-2683-GFMQ

Affected Products

Openclaw