OpenClaw Cross-Site Request Forgery Vulnerability in Browser Control Loopback Routes
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in OpenClaw, a personal AI assistant, prior to version 2026.2.14. The issue arises because browser-facing localhost mutation routes accepted cross-origin requests without validating the Origin or Referer headers. Binding to loopback limits remote exposure, but it does not stop a malicious website loaded in the user's browser from triggering unauthorized state changes in the local OpenClaw browser control. Such changes could include opening tabs, controlling browser playback, or modifying storage and cookie data, whenever the browser control service is reachable on loopback from that browser.
Impact
Exploitation of this vulnerability allows a malicious website to make unauthorized changes to a user's local OpenClaw browser control, such as opening or closing tabs, controlling browser functions, or altering storage and cookie data.
Reproduction
To reproduce this vulnerability, access a loopback browser control route from a malicious website that can send cross-origin requests. This can be done by crafting a website that sends such requests, targeting the OpenClaw browser control service while it is running and accessible on loopback.
Remediation
Users can upgrade to OpenClaw version 2026.2.14 or later, where this vulnerability has been patched. Enabling browser control authentication, rather than running the application with authentication disabled, further reduces the risk.