DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-92JP-89MQ-4374: GHSA-92JP-89MQ-4374: Unauthenticated Sandbox Access and Context Leakage in OpenClaw

#security #cve #cybersecurity #ghsa

GHSA-92JP-89MQ-4374: Unauthenticated Sandbox Access and Context Leakage in OpenClaw

Vulnerability ID: GHSA-92JP-89MQ-4374
CVSS Score: 9.8
Published: 2026-04-17

OpenClaw versions prior to 2026.4.9 suffer from an improper middleware configuration and a sensitive information exposure flaw. This combination allows unauthenticated remote attackers to bypass authorization controls and gain interactive access to the application's sandboxed browser sessions via noVNC.

TL;DR

A critical vulnerability in OpenClaw allows attackers to bypass authentication and gain full interactive access to the AI's internal sandboxed browser. The flaw is caused by incorrect Express.js middleware ordering combined with LLM system prompt data leakage.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-287, CWE-200
  • Attack Vector: Network
  • Authentication: None
  • Impact: Unauthorized Interactive Sandbox Access
  • CVSS v3.1 Score: 9.8
  • Exploit Status: Proof of Concept available

Affected Systems

  • OpenClaw AI assistant platform
  • OpenClaw Browser Bridge Server
  • OpenClaw Sandbox Environment
  • openclaw: < 2026.4.9 (Fixed in: 2026.4.9)

Code Analysis

Commit: 8dfbf32

Fix auth middleware ordering and remove sensitive URL from sandbox context

Mitigation Strategies

  • Upgrade to OpenClaw version 2026.4.9.
  • Restrict network access to browser bridge ports to internal, trusted sources only.
  • Implement a defense-in-depth architecture by enforcing authorization checks at both the middleware layer and the individual route handlers.

Remediation Steps:

  1. Verify the current running version of the OpenClaw package.
  2. Update the openclaw dependency via npm to version 2026.4.9.
  3. Restart the OpenClaw gateway and bridge server services.
  4. Validate the fix by sending an unauthenticated request to /sandbox/novnc and verifying a 401 Unauthorized response.

References

Read the full report for GHSA-92JP-89MQ-4374 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)