CVE-2026-28458
Unauthenticated WebSocket Access in OpenClaw Browser Relay Enables Data Theft
Publication date: 2026-03-05
Last updated on: 2026-03-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | From 2026.1.20 (inc) to 2026.2.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
OpenClaw version 2026.1.20 prior to 2026.2.1 has a vulnerability in its Browser Relay /cdp WebSocket endpoint. This endpoint does not require authentication tokens, which means that any website can connect to it via the loopback interface (localhost).
By exploiting this, attackers can connect to ws://127.0.0.1:18792/cdp and gain access to sensitive data such as session cookies. They can also execute JavaScript in other browser tabs, potentially compromising the user's browser sessions.
How can this vulnerability impact me? :
This vulnerability can allow attackers to steal session cookies, which may lead to unauthorized access to user accounts or sensitive information.
Additionally, attackers can execute JavaScript in other browser tabs, which can be used to manipulate or hijack browser sessions, potentially leading to further compromise of user data or actions performed on behalf of the user.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know