CVE-2026-43575
Status: Analyzed - Analysis Complete
Authentication Bypass in OpenClaw noVNC Helper Route

Publication date: 2026-05-06

Last updated on: 2026-05-07

Assigner: VulnCheck

Description
OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session.
Meta Information
Generated: 2026-05-27
AI Q&A: 2026-05-07
EPSS Evaluated: 2026-05-26
Affected Vendors & Products (1 associated CPE)
Vendor: openclaw
Product: openclaw
Version / Range: from 2026.2.21 (inclusive) to 2026.4.10 (exclusive)
CWE
CWE-862 (Missing Authorization): The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

OpenClaw versions 2026.2.21 before 2026.4.10 have an authentication bypass vulnerability in the sandbox noVNC helper route. This flaw allows attackers to access the noVNC helper route without needing to pass bridge authentication, which exposes interactive browser session credentials.


How can this vulnerability impact me?

An attacker exploiting this vulnerability can gain unauthorized access to interactive browser sessions by bypassing authentication. This can lead to exposure of sensitive session credentials and potentially allow the attacker to interact with the browser session as if they were an authorized user.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in OpenClaw allows attackers to bypass authentication and gain unauthorized access to interactive browser session credentials. This exposure of sensitive session credentials could lead to unauthorized data access or data breaches.

Such unauthorized access and potential data exposure can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive information to protect user privacy and data security.

Therefore, organizations using affected versions of OpenClaw may face increased risk of non-compliance due to this vulnerability if it is not promptly mitigated.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves unauthorized access to the sandbox noVNC helper route without proper bridge authentication, exposing interactive browser session credentials.

To detect this vulnerability on your network or system, you can monitor for unauthorized or unexpected access attempts to the /sandbox/novnc endpoint on OpenClaw servers running affected versions (2026.2.21 to before 2026.4.10).

Suggested commands to help detect potential exploitation attempts include:

  • Using network monitoring tools like tcpdump or Wireshark to capture HTTP requests targeting the /sandbox/novnc path. Note that this only works where the traffic is plaintext: on port 443 the request path is inside TLS, so the capture must be taken behind the TLS terminator (for example on the reverse proxy's upstream leg).
  • Example tcpdump command: sudo tcpdump -i any -A 'tcp port 80 or tcp port 443' | grep '/sandbox/novnc'
  • Checking web server or application logs for unauthenticated access attempts to the /sandbox/novnc route.
  • Example grep command on logs: grep '/sandbox/novnc' /var/log/openclaw/access.log | grep -v 'authenticated' (the log path and the 'authenticated' marker depend on your deployment's log format; adjust them to what your proxy or OpenClaw actually writes).

These methods can help identify if unauthorized users are attempting to or have accessed the vulnerable noVNC helper route.
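As an added example that is not part of this record or of OpenClaw itself, the following Python script does two of the checks above in one pass: it tests a version string against the affected range stated in the record (2026.2.21 inclusive to 2026.4.10 exclusive) and it scans access-log lines for requests that reached the /sandbox/novnc route and were answered successfully without a logged user. The log lines are constructed samples in Combined Log Format, which is an assumption; OpenClaw's real log layout, and how it records an authenticated bridge session, may differ.

```python
import re

# Affected range taken from the CVE record: [2026.2.21, 2026.4.10)
AFFECTED_FROM = (2026, 2, 21)
FIXED_IN = (2026, 4, 10)
NOVNC_PATH = "/sandbox/novnc"

def parse_version(v):
    """Turn a date-style OpenClaw version like '2026.4.10' into a comparable tuple."""
    parts = v.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in parts)

def is_affected(v):
    """True when the version falls inside the vulnerable range (lower inclusive, upper exclusive)."""
    return AFFECTED_FROM <= parse_version(v) < FIXED_IN

# Assumed Combined Log Format: ip ident user [ts] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_novnc_hits(lines):
    """Return every request to the noVNC helper route. A 2xx answer with no logged
    user is flagged as suspicious: the route served content without bridge auth."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group("path").startswith(NOVNC_PATH):
            continue
        status = int(m.group("status"))
        no_user = m.group("user") == "-"
        hits.append({"ip": m.group("ip"), "path": m.group("path"),
                     "status": status, "suspicious": no_user and 200 <= status < 300})
    return hits

def suspicious_sources(lines):
    """Sorted list of client IPs that got an unauthenticated success from the route."""
    return sorted({h["ip"] for h in find_novnc_hits(lines) if h["suspicious"]})

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/May/2026:10:01:02 +0000] "GET /sandbox/novnc/vnc.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [06/May/2026:10:01:03 +0000] "GET /sandbox/novnc/app.js HTTP/1.1" 200 9001',
    '198.51.100.4 - alice [06/May/2026:10:02:00 +0000] "GET /sandbox/novnc/vnc.html HTTP/1.1" 200 5120',
    '198.51.100.4 - alice [06/May/2026:10:02:05 +0000] "GET /api/status HTTP/1.1" 200 42',
    '203.0.113.9 - - [06/May/2026:10:03:00 +0000] "GET /sandbox/novnc/ HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    print("2026.3.5 affected:", is_affected("2026.3.5"))
    print("suspicious sources:", suspicious_sources(SAMPLE_LOG))
```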


What immediate steps should I take to mitigate this vulnerability?

The primary and recommended immediate mitigation step is to upgrade OpenClaw to version 2026.4.10 or later, where the vulnerability has been patched.

The patch ensures that the /sandbox/novnc endpoint requires proper bridge authentication before allowing access, preventing unauthorized users from exploiting the authentication bypass.

If upgrading immediately is not possible, consider restricting access to the /sandbox/novnc route via network-level controls such as firewall rules or reverse proxy configurations to limit exposure.

Additionally, monitor logs and network traffic for suspicious access attempts to the noVNC helper route and respond accordingly.

