CVE-2026-28395
Improper Network Binding in OpenClaw Chrome Relay Enables Remote Attacks
Publication date: 2026-03-05
Last updated on: 2026-03-09
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | From 2026.1.14-1 (inc) to 2026.2.12 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1327 | The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions prior to 2026.2.12, in the Chrome extension relay server component. The issue is an improper network binding (CWE-1327): wildcard hosts such as 0.0.0.0 are incorrectly treated as loopback addresses, so when a wildcard cdpUrl is configured the relay HTTP/WebSocket server binds to all network interfaces instead of staying local to the host.
As a result, remote attackers can access relay HTTP endpoints from off-host locations, which they should not normally be able to do.
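The bind-address mistake described above, shown as an added example that is not OpenClaw's code (the page names only the cdpUrl setting, not the relay's implementation language or internals; Node.js is assumed here). The flawed classifier lumps the unspecified addresses in with loopback, so a wildcard cdpUrl passes the "local only" gate and becomes the listen address; the corrected version recognises wildcards as distinct from loopback and keeps the relay on 127.0.0.1. The sample cdpUrl values and the 9222 port are constructed for the demo.

```javascript
// Added example modelling CWE-1327 for this CVE. Not OpenClaw's code: the relay's
// real config handling is not on the page, only the cdpUrl setting name.

// Hosts that only the local machine can reach.
const LOOPBACK_HOSTS = new Set(["127.0.0.1", "::1", "[::1]", "localhost"]);
// "Unspecified" addresses: binding to these listens on every interface.
const WILDCARD_HOSTS = new Set(["0.0.0.0", "::", "[::]"]);

// WHATWG URL (global in Node) keeps the brackets on IPv6 literals.
function hostOf(cdpUrl) {
  return new URL(cdpUrl).hostname;
}

// Node's listen(port, host) wants IPv6 literals without brackets.
function stripBrackets(host) {
  return host.startsWith("[") && host.endsWith("]") ? host.slice(1, -1) : host;
}

// VULNERABLE pattern: wildcards are accepted as if they were loopback, so
// cdpUrl=http://0.0.0.0:<port> becomes the relay's bind address and the relay
// server is reachable from other machines.
function relayBindHostVulnerable(cdpUrl) {
  const host = hostOf(cdpUrl);
  const treatedAsLocal = LOOPBACK_HOSTS.has(host) || WILDCARD_HOSTS.has(host);
  if (!treatedAsLocal) throw new Error(`refusing non-local cdpUrl host: ${host}`);
  return stripBrackets(host);
}

// FIXED pattern: only true loopback hosts count as local. A wildcard host is a
// misconfiguration, not a loopback address, so the relay falls back to
// 127.0.0.1 rather than exposing itself on all interfaces.
function relayBindHostFixed(cdpUrl) {
  const host = hostOf(cdpUrl);
  if (WILDCARD_HOSTS.has(host)) return "127.0.0.1"; // fail closed to loopback
  if (!LOOPBACK_HOSTS.has(host)) throw new Error(`refusing non-local cdpUrl host: ${host}`);
  if (host === "localhost") return "127.0.0.1"; // avoid relying on name resolution
  return stripBrackets(host);
}

// Defender check: would a server bound to this host accept off-host
// connections? Wildcards do; loopback addresses do not.
function isReachableOffHost(bindHost) {
  return !LOOPBACK_HOSTS.has(bindHost) && !LOOPBACK_HOSTS.has(`[${bindHost}]`);
}

// Constructed configurations for the demo (not from any real deployment).
const SAMPLE_CDP_URLS = [
  "http://127.0.0.1:9222",
  "http://[::1]:9222",
  "http://0.0.0.0:9222",
  "http://[::]:9222",
];

// Compare what each pattern would bind to, and whether that is exposed off-host.
function compareBindings(cdpUrls = SAMPLE_CDP_URLS) {
  return cdpUrls.map((cdpUrl) => {
    const vulnerable = relayBindHostVulnerable(cdpUrl);
    const fixed = relayBindHostFixed(cdpUrl);
    return {
      cdpUrl,
      vulnerable,
      vulnerableExposed: isReachableOffHost(vulnerable),
      fixed,
      fixedExposed: isReachableOffHost(fixed),
    };
  });
}

for (const row of compareBindings()) console.log(JSON.stringify(row));
```

Running the block prints one line per sample cdpUrl; the two wildcard entries show the vulnerable pattern binding to 0.0.0.0 and :: (off-host reachable) while the fixed pattern binds to 127.0.0.1 in every case. The same isReachableOffHost check is the thing to apply to whatever address a local-only service actually reports listening on.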
How can this vulnerability impact me?
The vulnerability can allow remote attackers to:
- Leak service presence and port information by accessing relay HTTP endpoints remotely.
- Conduct denial-of-service (DoS) attacks against the relay server.
- Perform brute-force attacks against the relay token header, potentially compromising authentication or authorization.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know