CVSS 8.1 · HIGH

CVE-2026-42431

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.

Analysis

OpenClaw appears to be a niche library or application rather than a widely used development tool or infrastructure component. While the vulnerability allows for a security bypass regarding browser profile mutations, its impact is limited to a very specific user base and does not affect the broader software development ecosystem.

Severity

Score: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: NONE
Weakness type (CWE): CWE-863

EPSS

Exploitation probability (next 30 days): 0.0003 (0.0%)
Percentile: 9.0%
EPSS: 2026-05-06

Affects

openclaw:openclaw


Published: 28/4/2026, 19:37:47
Last modified: 30/4/2026, 14:06:11
