CVE-2026-32008

Description

## Impact `assertBrowserNavigationAllowed()` validated only `http:`/`https:` network targets but implicitly allowed other schemes. An authenticated gateway user could navigate browser sessions to `file://` URLs and read local files via browser snapshot/extraction flows. ## Affected Component - `src/browser/navigation-guard.ts` ## Technical Reproduction 1. Authenticate to a gateway that has browser tooling enabled. 2. Invoke browser navigation with a `file://` URL (for example `file:///etc/passwd`). 3. Read page content through browser snapshot/extract actions. ## Demonstrated Impact An attacker with valid gateway credentials and browser-tool access can exfiltrate local files readable by the OpenClaw process user (for example config/secrets in that user context). ## Environment - OpenClaw browser tool enabled - Attacker has authenticated access capable of invoking browser actions ## Remediation Advice Reject unsupported navigation schemes and allow only explicitly safe non-network URLs. OpenClaw now blocks non-network schemes (such as `file:`, `data:`, and `javascript:`) while preserving `about:blank`. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `<= 2026.2.19-2` - Patched in planned next release: `2026.2.21` ## Fix Commit(s) - `220bd95eff6838234e8b4b711f86d4565e16e401` ## Release Process Note `patched_versions` is pre-set to the planned next release (`2026.2.21`) so once npm `2026.2.21` is published, the advisory can be published directly. OpenClaw thanks @q1uf3ng for reporting.

How to fix CVE-2026-32008

To remediate CVE-2026-32008, upgrade the affected package to a fixed version below.

• —upgrade to 2026.2.21 or later

Is CVE-2026-32008 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2026.2.21