OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
Description
OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context. Starting in version 2026.2.14, mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or Sec-Fetch-Site: cross-site). Other mitigations include enabling browser control auth (token/password) and avoid running with auth disabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openclawnpm | < 2026.2.14 | 2026.2.14 |
clawdbotnpm | <= 2026.1.24-3 | — |
Affected products
4- ghsa-coords2 versions
<= 2026.1.24-3+ 1 more
- (no CPE)range: <= 2026.1.24-3
- (no CPE)range: < 2026.2.14
- openclaw/clawdbotv5Range: <= 2026.1.24-3
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-3fqr-4cg8-h96qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-26317ghsaADVISORY
- github.com/openclaw/openclaw/commit/b566b09f81e2b704bf9398d8d97d5f7a90aa94c3ghsax_refsource_MISCWEB
- github.com/openclaw/openclaw/releases/tag/v2026.2.14ghsax_refsource_MISCWEB
- github.com/openclaw/openclaw/security/advisories/GHSA-3fqr-4cg8-h96qghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.