CVE-2026-26327
Status: Received - Intake
Unauthenticated mDNS TXT Injection in OpenClaw Enables Credential Theft

Publication date: 2026-02-19

Last updated on: 2026-02-23

Assigner: GitHub, Inc.

Description
OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs. iOS and macOS used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL. iOS and Android allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin.

On a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection.

As of the time of publication, the iOS and Android apps are alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN.

Version 2026.2.14 fixes the issue. Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints. Discovery-provided fingerprints no longer override stored TLS pins. In iOS/Android, first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU) and discovery-based direct connects are TLS-only. In Android, hostname verification is no longer globally disabled (only bypassed when pinning).
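The following is an added example, written for this page and not OpenClaw's own client code. It models the pre-fix endpoint selection the advisory describes (TXT hints decide where to connect and what to pin) next to the hardened rules of 2026.2.14 (route via SRV + A/AAAA, TXT never touches the pin, first-time pins need user confirmation, TLS only), and runs both against a constructed beacon whose TXT answer has been spoofed. The TXT keys and the service type are the ones the advisory names; the dataclass and function names, the RFC 5737 addresses, the ports, the fingerprints and the `fake_handshake` lookup that stands in for a TLS handshake are all assumptions made for the example.

```python
"""Endpoint selection for a DNS-SD-discovered gateway: the pre-fix logic the
advisory describes next to the hardened logic of 2026.2.14.

Added example, not OpenClaw's own code. ResolvedService, Decision,
vulnerable_connect, hardened_connect, the ports, the RFC 5737 addresses and
the fingerprints are constructed; only the TXT keys (lanHost, tailnetDns,
gatewayPort, gatewayTlsSha256) and the service type come from the advisory.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class ResolvedService:
    """Result of a DNS-SD browse + resolve for one _openclaw-gw._tcp instance."""
    srv_target: str    # SRV target hostname
    srv_port: int      # SRV port
    addresses: list    # A/AAAA records for srv_target
    txt_rdata: bytes   # raw TXT rdata; unauthenticated, anyone on the LAN can answer


def parse_txt(rdata: bytes) -> dict:
    """Decode DNS-SD TXT rdata (RFC 6763 section 6): length-prefixed 'key=value'
    strings. Keys are case-insensitive; on duplicates the first one wins."""
    out, i = {}, 0
    while i < len(rdata):
        n, i = rdata[i], i + 1
        chunk, i = rdata[i:i + n], i + n
        key, sep, value = chunk.partition(b"=")
        key = key.decode("ascii", "replace").lower()
        if key and key not in out:
            out[key] = value.decode("utf-8", "replace") if sep else ""
    return out


def encode_txt(pairs: dict) -> bytes:
    """Inverse of parse_txt; used here only to build the sample beacons."""
    return b"".join(bytes([len(s)]) + s
                    for s in (f"{k}={v}".encode() for k, v in pairs.items()))


@dataclass
class Decision:
    url: str
    pin: Optional[str]       # fingerprint the client holds the server to
    send_credentials: bool   # True: auth.token / auth.password would be sent
    reason: str


def _url(host: str, port: int) -> str:
    return f"wss://[{host}]:{port}/" if ":" in host else f"wss://{host}:{port}/"


def vulnerable_connect(svc, stored_pin, handshake: Callable[[str], str]):
    """Pre-2026.2.14: TXT hints decide where to connect and what to pin."""
    txt = parse_txt(svc.txt_rdata)
    host = txt.get("lanhost") or txt.get("tailnetdns") or svc.srv_target
    port = int(txt.get("gatewayport", svc.srv_port))
    pin = txt.get("gatewaytlssha256") or stored_pin   # TXT overrides the stored pin
    presented = handshake(host)                      # fingerprint the peer shows
    if pin is None:
        pin = presented                              # silent TOFU
    ok = presented == pin
    return Decision(_url(host, port), pin, ok, "pin matched" if ok else "pin mismatch")


def hardened_connect(svc, stored_pin, handshake, user_confirmed=False):
    """2026.2.14: route via SRV + A/AAAA, TLS only, TXT never touches the pin,
    and a first-time pin is stored only after the user confirms it."""
    host = svc.addresses[0] if svc.addresses else svc.srv_target
    url = _url(host, svc.srv_port)
    presented = handshake(host)
    if stored_pin is None:
        if not user_confirmed:
            return Decision(url, None, False, f"confirm first-time pin {presented[:12]}...")
        return Decision(url, presented, True, "pin stored after user confirmation")
    ok = presented == stored_pin
    return Decision(url, stored_pin, ok, "pin matched" if ok else "pin mismatch; credentials withheld")


# Constructed stand-ins for SHA-256 certificate fingerprints and for the TLS
# handshake: the fingerprint a host presents is looked up by address.
LEGIT_FP = hashlib.sha256(b"genuine gateway cert").hexdigest()
ROGUE_FP = hashlib.sha256(b"attacker cert").hexdigest()
CERT_BY_HOST = {"192.0.2.10": LEGIT_FP, "192.0.2.66": ROGUE_FP}


def fake_handshake(host: str) -> str:
    return CERT_BY_HOST[host]


# Constructed beacon: SRV + A still resolve to the genuine gateway, but the
# TXT answer has been spoofed to steer the client to the attacker's host
# and to replace the pin with the attacker's fingerprint.
SPOOFED_TXT = ResolvedService(
    srv_target="gateway.local.", srv_port=18789, addresses=["192.0.2.10"],
    txt_rdata=encode_txt({"lanHost": "192.0.2.66", "gatewayPort": "4443",
                          "gatewayTlsSha256": ROGUE_FP}))


def demo():
    """(vulnerable, hardened) decisions for a client that already holds the
    genuine gateway's pin and receives the spoofed beacon."""
    return (vulnerable_connect(SPOOFED_TXT, LEGIT_FP, fake_handshake),
            hardened_connect(SPOOFED_TXT, LEGIT_FP, fake_handshake))


if __name__ == "__main__":
    for d in demo():
        print(d)
```

With the spoofed beacon the vulnerable path builds `wss://192.0.2.66:4443/`, swaps the stored pin for the attacker's fingerprint and would send the Gateway credentials; the hardened path connects to the SRV/A endpoint `192.0.2.10:18789` against the stored pin and succeeds there. When the attacker advertises a whole rogue instance instead (its own SRV and A records), the routing preference no longer helps, and it is the rule that TXT can never replace a stored pin, plus the confirmation prompt before a first-time pin, that keeps the credentials off the rogue endpoint.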
Meta Information
Published: 2026-02-19
Last Modified: 2026-02-23
Generated: 2026-05-27
AI Q&A: 2026-02-20
EPSS Evaluated: 2026-05-25
NVD
Affected Vendors & Products
1 associated CPE:
Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.2.14 (excluding)
CWE
CWE-345: The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects OpenClaw, a personal AI assistant, where discovery beacons use unauthenticated TXT records containing routing and security information.

Before version 2026.2.14, some clients (iOS, macOS, Android) trusted these TXT records as authoritative for routing and TLS pinning, allowing an attacker on a shared or untrusted LAN to advertise a rogue service.

This could cause clients to connect to attacker-controlled endpoints and accept attacker certificates, potentially exposing sensitive Gateway credentials such as authentication tokens and passwords.

The issue is fixed in version 2026.2.14 by preferring resolved service endpoints over TXT hints, preventing discovery-provided TLS fingerprints from overriding stored pins without explicit user confirmation, and enforcing stricter hostname verification.


How can this vulnerability impact me?

If you are using affected versions of OpenClaw clients on iOS, macOS, or Android in a shared or untrusted LAN environment, an attacker could intercept your connection by advertising a rogue service.

This could lead to your Gateway credentials (authentication tokens or passwords) being exfiltrated, compromising your account and potentially allowing unauthorized access.

However, the practical impact is currently limited mainly to developers and testers using alpha or pre-release versions of the apps, as these clients are not broadly shipped.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know
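
One way to look for the condition the advisory describes on a LAN, as an added example that is not part of the page's Q&A or of the OpenClaw project: browse and resolve the service type and flag beacons whose TXT routing hints disagree with what SRV + A/AAAA actually resolve to, whose `gatewayTlsSha256` differs from the pin a client already holds, or that resolve more than once with different TXT. The code assumes the parsable output of `avahi-browse -rtp _openclaw-gw._tcp` on Linux (one `=` line per resolved instance, fields separated by `;` in the order interface, protocol, name, type, domain, host, address, port, TXT strings); on macOS `dns-sd -B _openclaw-gw._tcp` and `dns-sd -L <name> _openclaw-gw._tcp` give the same information in a different layout. The sample lines, instance name, addresses, ports and fingerprints are constructed.

```python
"""Audit _openclaw-gw._tcp beacons captured with `avahi-browse -rtp`.

Added example, not from the page or the project. The output format is an
assumption about avahi-browse's parsable mode; the sample lines, the instance
name, the addresses (RFC 5737), the ports and the fingerprints are constructed.
"""
import shlex

GENUINE_FP = "1" * 64   # placeholder for the pin the client already holds
SPOOF_FP = "2" * 64     # placeholder for an attacker's certificate fingerprint

# Constructed sample: the first resolved line is consistent with its SRV/A
# resolution; the second carries TXT hints that steer clients to another host,
# port and fingerprint while SRV/A still point at the genuine gateway.
SAMPLE_OUTPUT = f"""\
+;eth0;IPv4;openclaw-studio;_openclaw-gw._tcp;local
=;eth0;IPv4;openclaw-studio;_openclaw-gw._tcp;local;studio.local;192.0.2.10;18789;"lanHost=192.0.2.10" "gatewayPort=18789" "gatewayTlsSha256={GENUINE_FP}"
=;eth0;IPv4;openclaw-studio;_openclaw-gw._tcp;local;studio.local;192.0.2.10;18789;"lanHost=192.0.2.66" "gatewayPort=4443" "gatewayTlsSha256={SPOOF_FP}"
"""


def parse_avahi(text):
    """Yield (name, host, address, port, txt) for each resolved ('=') line.
    TXT strings are quoted and space-separated; keys are case-insensitive."""
    for line in text.splitlines():
        if not line.startswith("="):
            continue
        fields = line.split(";", 9)
        if len(fields) < 10:
            continue
        txt = {}
        for item in shlex.split(fields[9]):
            key, _, value = item.partition("=")
            txt.setdefault(key.lower(), value)   # first occurrence wins
        yield fields[3], fields[6], fields[7], int(fields[8]), txt


def audit(text, known_pins):
    """Return (instance, problem) tuples. known_pins maps instance name to the
    fingerprint a client has already pinned for that gateway."""
    findings = []
    seen = {}
    for name, host, addr, port, txt in parse_avahi(text):
        if name in seen and seen[name] != txt:
            findings.append((name, "instance resolved more than once with different TXT"))
        seen[name] = txt
        lan = txt.get("lanhost")
        if lan and lan != addr:
            findings.append((name, f"TXT lanHost {lan} != resolved A/AAAA {addr}"))
        gw_port = txt.get("gatewayport")
        if gw_port and gw_port != str(port):
            findings.append((name, f"TXT gatewayPort {gw_port} != SRV port {port}"))
        fp = txt.get("gatewaytlssha256")
        pin = known_pins.get(name)
        if fp and pin and fp.lower() != pin.lower():
            findings.append((name, "TXT gatewayTlsSha256 differs from the pin held for this instance"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_OUTPUT, {"openclaw-studio": GENUINE_FP}):
        print(f"{name}: {problem}")
```

A beacon that passes these checks is not proven genuine (a rogue instance can advertise consistent SRV, A and TXT of its own), so the fingerprint comparison against a pin obtained out of band is the check that matters; the routing mismatches are the cheap signal that someone on the segment is answering TXT queries for a name they do not own.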


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade OpenClaw clients to version 2026.2.14 or later, where the issue is fixed.

This version changes clients to prefer resolved service endpoints (SRV + A/AAAA) over TXT-provided routing hints and prevents discovery-provided TLS fingerprints from overriding stored TLS pins.

Additionally, ensure that clients are not running on shared or untrusted LANs where rogue _openclaw-gw._tcp services could be advertised.

