CVE-2026-26317

Severity: HIGH 7.1 (CVSS 3.1) · EPSS: 0.02%

OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints

Published: 2/18/2026
Modified: 2/20/2026
Also known as: GHSA-3fqr-4cg8-h96q

Description

## Summary

Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins.

## Impact

A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback from the victim's browser context.

## Affected Packages / Versions

- openclaw (npm): <= 2026.2.13
- clawdbot (npm): <= 2026.1.24-3

## Details

The browser control servers bound to loopback but exposed mutating HTTP endpoints without a CSRF-style guard. Browsers will send cross-origin requests to loopback addresses: a page on any origin can submit a form or issue a `fetch` to a loopback URL, and CORS only restricts reading the response, not sending a simple request such as a form POST. Without explicit validation, state-changing operations could therefore be triggered by a request carrying a non-loopback Origin/Referer.

## Fix

Mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`).

## Fix Commit(s)

- openclaw/openclaw: b566b09f81e2b704bf9398d8d97d5f7a90aa94c3

## Workarounds / Mitigations

- Enable browser control auth (token/password) and avoid running with auth disabled.
- Upgrade to a release that includes the fix.

## Credits

- Reporter: @vincentkoc

## Release Process Note

`patched_versions` is set to the planned next release version. Once that npm release is published, the advisory should be ready to publish with no further edits.
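The following is an added example, not code from the OpenClaw project or its fix commit, of the CSRF-style guard the Fix section describes: a mutating request to a loopback-bound service is rejected when `Sec-Fetch-Site` is `cross-site` or when its Origin (falling back to Referer) is not a loopback host. The function name, the Express/Connect-style middleware shape, and the sample requests (constructed, not captured traffic) are assumptions made for illustration.

```javascript
// Added example: CSRF-style guard for a loopback-bound HTTP control service.
// Illustrative code, not OpenClaw's implementation; names and middleware
// shape are assumptions. Uses only Node's global WHATWG URL.

const MUTATING_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Hostnames a browser page can only have been served from on this machine.
// Node's URL keeps IPv6 literals bracketed in .hostname, hence '[::1]'.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase();
  if (h === 'localhost' || h === '[::1]') return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h);
}

// Decide whether a request may mutate state. Returns { allowed, reason }.
// `headers` uses lower-cased names, as Node's IncomingMessage provides them.
function checkLoopbackMutation(method, headers) {
  if (!MUTATING_METHODS.has(method.toUpperCase())) {
    return { allowed: true, reason: 'non-mutating method' };
  }
  // Fetch metadata is set by the browser and cannot be forged by page script,
  // so it is checked first when present.
  const site = (headers['sec-fetch-site'] || '').toLowerCase();
  if (site === 'cross-site') {
    return { allowed: false, reason: 'Sec-Fetch-Site: cross-site' };
  }
  // Then Origin, then Referer. Browsers attach Origin to every cross-origin
  // POST; Referer may be stripped by a referrer policy.
  const source = headers['origin'] ?? headers['referer'];
  if (source === undefined) {
    // No browser-supplied origin information (curl, a native client).
    // A CSRF guard cannot judge this; access control is the auth token.
    return { allowed: true, reason: 'no Origin/Referer present' };
  }
  let parsed;
  try {
    parsed = new URL(source);
  } catch {
    // "Origin: null" (sandboxed iframe, some redirect chains) and malformed
    // values land here and are treated as untrusted.
    return { allowed: false, reason: `unparseable origin ${JSON.stringify(source)}` };
  }
  if (!isLoopbackHost(parsed.hostname)) {
    return { allowed: false, reason: `non-loopback origin ${parsed.origin}` };
  }
  return { allowed: true, reason: 'loopback origin' };
}

// Express/Connect-style middleware wrapper (assumed shape, not OpenClaw's API).
function loopbackCsrfGuard() {
  return function (req, res, next) {
    const verdict = checkLoopbackMutation(req.method, req.headers);
    if (verdict.allowed) return next();
    res.statusCode = 403;
    res.setHeader('content-type', 'application/json');
    res.end(JSON.stringify({ error: 'cross-origin mutation rejected', reason: verdict.reason }));
  };
}

// Constructed sample requests (port 8080 is an arbitrary assumption).
const SAMPLE_REQUESTS = [
  { label: 'attacker page, form POST', method: 'POST',
    headers: { origin: 'https://evil.example', 'sec-fetch-site': 'cross-site' } },
  { label: 'attacker page, Referer only', method: 'PATCH',
    headers: { referer: 'https://evil.example/page.html' } },
  { label: 'local UI', method: 'POST',
    headers: { origin: 'http://127.0.0.1:8080', 'sec-fetch-site': 'same-origin' } },
  { label: 'curl, no browser headers', method: 'DELETE', headers: {} },
  { label: 'attacker page, read-only GET', method: 'GET',
    headers: { origin: 'https://evil.example' } },
];

function runSamples() {
  return SAMPLE_REQUESTS.map((s) => ({
    label: s.label, ...checkLoopbackMutation(s.method, s.headers),
  }));
}

for (const r of runSamples()) console.log(r);
```

Two properties follow from the advisory's wording and are worth keeping in mind when deploying a guard like this: a request with neither Origin nor Referer is allowed, so the guard is not authentication and belongs alongside the token/password auth the Workarounds section recommends; and only the `Sec-Fetch-Site` and Origin values are checked, so a non-browser client on the same host is unaffected.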

CVSS scores

| Source | Version | Severity | Vector |
| --- | --- | --- | --- |
| osv | CVSS 3.1 | HIGH 7.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L |

Reading the vector: network attack vector, low complexity, no privileges required, user interaction required (the victim must visit the attacker's page), unchanged scope, no confidentiality impact, high integrity impact, low availability impact.
