PT-2026-38236 · Openclaw · Openclaw
R1Kko1337
·
Published
2026-05-06
·
Updated
2026-05-14
·
CVE-2026-43581
CVSS v3.1
9.6
Critical
| Vector | AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.4.10
Description
An improper network binding issue exists in the sandbox browser CDP relay, which exposes the Chrome DevTools Protocol on 0.0.0.0. This overly broad binding configuration allows attackers to access the DevTools protocol from outside the intended local sandbox boundaries.
Recommendations
Update to version 2026.4.10.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw