CVSS 9.6 · CRITICAL

CVE-2026-43581

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration.


Analysis

OpenClaw is a niche project for browser sandboxing, and this vulnerability is an improper network binding in its Chrome DevTools Protocol relay: listening on 0.0.0.0 makes an unauthenticated CDP endpoint reachable from the network rather than only from the local sandbox. While the severity is critical, the software is not widely used in the professional web or mobile development ecosystem, making it low relevance for the community feed.

Severity

Score: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: ADJACENT_NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-1188 (Initialization of a Resource with an Insecure Default)

EPSS

No EPSS score yet (CVE may be too fresh).

Published: 5/6/2026, 8:16:33 PM
Last modified: 5/6/2026, 9:20:52 PM
