CVE-2026-28395
Modified Modified - Updated After Analysis
Improper Network Binding in OpenClaw Chrome Relay Enables Remote Attacks

Publication date: 2026-03-05

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension (must be installed and enabled) relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl is configured. Remote attackers can access relay HTTP endpoints off-host to leak service presence and port information, or conduct denial-of-service and brute-force attacks against the relay token header.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28395
EUVD
EUVD-2026-9895
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw From 2026.1.14-1 (inc) to 2026.2.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1327 The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions prior to 2026.2.12 in the Chrome extension relay server component. The issue is an improper network binding where wildcard hosts are incorrectly treated as loopback addresses. This causes the relay HTTP/WS server to bind to all network interfaces when a wildcard cdpUrl is configured.

As a result, remote attackers can access relay HTTP endpoints from off-host locations, which they should not normally be able to do.

Impact Analysis

The vulnerability can allow remote attackers to:

  • Leak service presence and port information by accessing relay HTTP endpoints remotely.
  • Conduct denial-of-service (DoS) attacks against the relay server.
  • Perform brute-force attacks against the relay token header, potentially compromising authentication or authorization.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28395. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart