Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-43575

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session.

Ver en NVD

Análisis

OpenClaw appears to be a specialized tool for browser sandboxing and VNC-based testing environments. While the CVSS score is critical due to a pre-authentication bypass that exposes session credentials, the software lacks the widespread deployment in the common MexicoDev stack to justify a general alert.

Severidad

Puntaje: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-862

EPSS

Sin puntaje EPSS aún (CVE muy reciente).

Descripción técnica

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session.

Publicada: 6/5/2026, 20:16:33
Última modificación: 6/5/2026, 21:21:14

Referencias

InicioEventosBlogRecursosEquipo