CVE Catalog

CVE-2026-43575

Critical
Published: Translated: NVD NIST

Summary

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session.

Risk Assessment

This vulnerability may lead to unauthorized access to sensitive user data, posing a significant security threat to the organization.

Recommendation

It is recommended to upgrade to OpenClaw version 2026.4.10 or later to mitigate this vulnerability and implement additional security measures to protect browser sessions.

Original NVD description (English source)

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS