OpenClaw Chrome CDP Probe Loopback Relay Token Injection Vulnerability
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.2.22, where the application injects the 'x-OpenClaw-relay-token' header into Chrome DevTools Protocol (CDP) probe traffic on loopback interfaces. This injection allows local processes to intercept the Gateway authentication token. An attacker controlling a loopback port can capture CDP reachability probes directed to the '/json/version' endpoint, reuse the leaked token for Gateway bearer authentication, and potentially exploit other local vulnerabilities.
Impact
An attacker who intercepts the Gateway authentication token can use it to gain unauthorized access to Gateway functionality that requires authentication.
Reproduction
The vulnerability can be reproduced by sending a CDP reachability probe to a loopback interface port that is being monitored. The 'x-OpenClaw-relay-token' header will be injected into the probe response, allowing interception of the Gateway authentication token.
Remediation
Users can update to OpenClaw version 2026.2.22 or later, where this vulnerability has been patched.
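The flaw class described above, shown as an added illustration that is neither OpenClaw's code nor its actual patch: a header builder that attaches the token to any loopback probe, beside one that scopes it to a single known origin. All function names, ports, the relay origin and the token value are assumptions constructed for this example; only the header name and the '/json/version' path come from the advisory.

```javascript
// Added illustration, not OpenClaw source; every name here is hypothetical.
const RELAY_HEADER = "x-OpenClaw-relay-token"; // header name from the advisory
const LOOPBACK_HOSTS = new Set(["127.0.0.1", "localhost", "[::1]"]);

// Weak pattern: any loopback target gets the token, so whichever local
// process is listening on the probed port receives it.
function probeHeadersWeak(targetUrl, token) {
  const { hostname } = new URL(targetUrl);
  return LOOPBACK_HOSTS.has(hostname) ? { [RELAY_HEADER]: token } : {};
}

// Scoped pattern (assumption): the token goes only to the exact origin of the
// relay this process started itself; every other probe is sent without it.
function probeHeadersScoped(targetUrl, token, ownRelayOrigin) {
  if (!ownRelayOrigin) return {};
  const sameOrigin = new URL(targetUrl).origin === new URL(ownRelayOrigin).origin;
  return sameOrigin ? { [RELAY_HEADER]: token } : {};
}

// Regression-test helper: header names are case-insensitive on the wire.
function carriesRelayToken(headers) {
  return Object.keys(headers).some(
    (name) => name.toLowerCase() === RELAY_HEADER.toLowerCase()
  );
}

// Returns the probe targets whose headers would carry the token under a policy.
function targetsReceivingToken(targets, buildHeaders) {
  return targets.filter((t) => carriesRelayToken(buildHeaders(t)));
}

// Constructed sample data: ports, origin and token are made up.
const SAMPLE_TOKEN = "constructed-token-not-a-secret";
const OWN_RELAY = "http://127.0.0.1:18792";
const SAMPLE_TARGETS = [
  "http://127.0.0.1:18792/json/version", // relay started by this process
  "http://127.0.0.1:9222/json/version",  // some other local listener
  "http://localhost:9333/json/version",  // some other local listener
];

const weak = targetsReceivingToken(SAMPLE_TARGETS, (t) =>
  probeHeadersWeak(t, SAMPLE_TOKEN));
const scoped = targetsReceivingToken(SAMPLE_TARGETS, (t) =>
  probeHeadersScoped(t, SAMPLE_TOKEN, OWN_RELAY));
console.log({ weak: weak.length, scoped: scoped.length });
```

A check like `carriesRelayToken` can sit in a regression test that asserts outbound reachability probes carry no credential header after upgrading.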
