CVE-2026-26317
Received Received - Intake
Cross-Origin Request Forgery in OpenClaw Browser Control Plane

Publication date: 2026-02-19

Last updated on: 2026-02-26

Assigner: GitHub, Inc.

Description
OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context. Starting in version 2026.2.14, mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`). Other mitigations include enabling browser control auth (token/password) and avoid running with auth disabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-14
NVD
CVE-2026-26317
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects OpenClaw, a personal AI assistant, in versions prior to 2026.2.14. The issue is that browser-facing localhost mutation routes accepted cross-origin browser requests without properly validating the Origin or Referer headers. Although the service binds to the loopback interface, which limits remote exposure, it does not prevent malicious websites from making unauthorized requests from the victim's browser context.

A malicious website can exploit this by triggering unauthorized state changes in the victim's local OpenClaw browser control plane, such as opening tabs, starting or stopping the browser, or modifying storage and cookies. Starting with version 2026.2.14, OpenClaw rejects mutating HTTP methods (POST, PUT, PATCH, DELETE) if the request comes from a non-loopback Origin or Referer, or if the Sec-Fetch-Site header indicates a cross-site request. Additional mitigations include enabling authentication for browser control and avoiding running the service without authentication.

Impact Analysis

This vulnerability can allow a malicious website to perform unauthorized actions on your local OpenClaw browser control plane without your consent. Such actions include opening new browser tabs, starting or stopping the browser, and modifying storage or cookies. These unauthorized state changes can disrupt your browsing experience, compromise your local data, or potentially be used as part of a larger attack to manipulate your environment.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should upgrade OpenClaw to version 2026.2.14 or later, where mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected if the request indicates a non-loopback Origin/Referer or Sec-Fetch-Site: cross-site.

Additionally, enable browser control authentication using tokens or passwords, and avoid running the browser control service with authentication disabled.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26317. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart