CVSS 9.6 · CRITICAL

CVE-2026-43581

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration.
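The weakness described above is a listener bound to the wildcard address (0.0.0.0) instead of loopback, which makes a service meant for the local sandbox reachable from any host that can route to the machine. The following Python is an added example, not code from OpenClaw or from the CVE record: it classifies bind addresses as wildcard, loopback or specific, audits constructed `ss -ltn`-style lines for wildcard listeners, and shows a loopback-only bind. The sample listener lines and port numbers are constructed for illustration and do not describe OpenClaw's actual configuration.

```python
"""Audit listening sockets for wildcard binds that expose a local-only
service (such as a DevTools relay) beyond the host.
Added example; the sample lines below are constructed, not taken from
OpenClaw or from the CVE record."""
import ipaddress
import socket
from typing import Dict, List, Tuple

# Constructed sample in the shape of `ss -ltn` output (header line omitted).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_LISTENERS = """\
LISTEN 0 128 0.0.0.0:9222 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9223 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 128 [::1]:5432 [::]:*
LISTEN 0 128 *:3000 *:*
"""


def split_host_port(addr: str) -> Tuple[str, int]:
    """Split an ss-style local address such as '[::]:8080' or '0.0.0.0:9222'."""
    host, _, port = addr.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]  # strip IPv6 brackets
    return host, int(port)


def classify_host(host: str) -> str:
    """Return 'wildcard', 'loopback' or 'specific' for a bind address."""
    if host == "*":  # ss prints '*' for an unspecified dual-stack bind
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    if ip.is_loopback:  # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific"


def audit_listeners(ss_output: str) -> Dict[int, str]:
    """Map each listening port to the classification of its bind address."""
    result: Dict[int, str] = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        result[port] = classify_host(host)
    return result


def exposed_ports(ss_output: str) -> List[int]:
    """Ports bound to a wildcard address, i.e. reachable from other hosts."""
    return sorted(
        port for port, kind in audit_listeners(ss_output).items() if kind == "wildcard"
    )


def bind_local_only(port: int = 0) -> Tuple[str, int]:
    """Bind a relay-style listener to loopback only and return (host, port).

    Port 0 asks the OS for a free port; the socket is closed again so the
    function is side-effect free apart from the bind itself.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind(("127.0.0.1", port))
        host, bound_port = sock.getsockname()
    finally:
        sock.close()
    return host, bound_port


if __name__ == "__main__":
    print("Wildcard-bound ports:", exposed_ports(SAMPLE_LISTENERS))
    print("Loopback-only bind:", bind_local_only())
```

Run the audit against real `ss -ltn` output on a sandbox host to spot services listening on 0.0.0.0 or :: that should only be reachable locally; a DevTools relay that appears in the wildcard list is the condition this CVE describes, and the fix is to bind it to loopback (or a specific interface) as `bind_local_only` does.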

View on NVD

Analysis

OpenClaw is a niche project for browser sandboxing, and this vulnerability involves an improper network binding of the Chrome DevTools Protocol relay. While the severity is high, the software is not widely used in the professional web or mobile development ecosystem, so it is of low relevance for the community feed.

Severity

Score: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: ADJACENT_NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-1188

EPSS

No EPSS score yet (very recent CVE).


Published: 6/5/2026, 20:16:33
Last modified: 6/5/2026, 21:20:52
