CVE-2026-26317
Summary
Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins.
Impact
A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context.
Affected Packages / Versions
- openclaw (npm): <= 2026.2.13
- clawdbot (npm): <= 2026.1.24-3
Details
The browser control servers bind to loopback but expose mutating HTTP endpoints without a CSRF-style guard. Browsers may send cross-origin requests to loopback addresses; without explicit validation, state-changing operations could be triggered by a request whose Origin/Referer is not loopback.
Fix
Mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or Sec-Fetch-Site: cross-site).
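The guard described above, as an added example that is not OpenClaw's own code: a request-level check for a Node.js loopback service that rejects mutating methods when Origin, Referer, or Sec-Fetch-Site indicates a non-loopback browser origin. The header values in the sample requests are constructed.

```javascript
// Added example (not from the OpenClaw fix commit): CSRF-style guard for
// mutating routes on a loopback-bound HTTP service.
const MUTATING_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// True when an Origin/Referer value parses as a URL whose host is loopback.
// Unparsable values (including the literal "null" origin) are not loopback.
function isLoopbackUrl(value) {
  try {
    const { hostname } = new URL(value); // WHATWG URL keeps IPv6 brackets
    return LOOPBACK_HOSTS.has(hostname) || hostname.startsWith("127.");
  } catch {
    return false;
  }
}

// Decide whether a request may proceed. `headers` uses lower-case keys, as
// Node's http module presents them. Returns { allowed, reason }.
function checkMutationRequest(method, headers) {
  if (!MUTATING_METHODS.has(method.toUpperCase())) {
    return { allowed: true, reason: "non-mutating method" };
  }
  if (headers["sec-fetch-site"] === "cross-site") {
    return { allowed: false, reason: "Sec-Fetch-Site: cross-site" };
  }
  // Origin is sent on cross-origin POSTs; fall back to Referer when absent.
  for (const name of ["origin", "referer"]) {
    const value = headers[name];
    if (value === undefined) continue;
    return isLoopbackUrl(value)
      ? { allowed: true, reason: `loopback ${name}` }
      : { allowed: false, reason: `non-loopback ${name}: ${value}` };
  }
  // No browser-provenance headers: a non-browser client (curl, SDK). The
  // advisory's auth token/password, not this guard, is the control there.
  return { allowed: true, reason: "no Origin/Referer present" };
}

// Constructed sample requests; the port 18791 is a placeholder.
const SAMPLE_REQUESTS = [
  { method: "POST", headers: { origin: "https://attacker.example" } },
  { method: "POST", headers: { origin: "http://127.0.0.1:18791" } },
  { method: "POST", headers: { referer: "http://[::1]:18791/ui" } },
  { method: "DELETE", headers: { "sec-fetch-site": "cross-site" } },
  { method: "GET", headers: { origin: "https://attacker.example" } },
];

// Evaluate every sample; returns the decisions in input order.
function auditSamples() {
  return SAMPLE_REQUESTS.map((r) => checkMutationRequest(r.method, r.headers));
}
```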
Fix Commit(s)
- openclaw/openclaw: b566b09f81e2b704bf9398d8d97d5f7a90aa94c3
Workarounds / Mitigations
- Enable browser control auth (token/password) and avoid running with auth disabled.
- Upgrade to a release that includes the fix.
Credits
- Reporter: @vincentkoc
Release Process Note
patched_versions is set to the planned next release version. Once that npm release is published, the advisory should be ready to publish with no further edits.
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-3fqr-4cg8-h96q
- https://nvd.nist.gov/vuln/detail/CVE-2026-26317
- https://github.com/openclaw/openclaw/commit/b566b09f81e2b704bf9398d8d97d5f7a90aa94c3
- https://github.com/openclaw/openclaw
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14