OpenClaw Missing Authentication in Browser Relay WebSocket Endpoint Vulnerability

Vulnerability

A vulnerability exists in OpenClaw versions from 2026.1.20 up to, but not including, 2026.2.1, specifically within the Browser Relay feature of the Chrome extension. The issue arises in the '/cdp' WebSocket endpoint, which does not require an authentication token. Because the endpoint is unauthenticated, websites can connect to the local relay via loopback, read sensitive data such as session cookies from other open tabs, and execute JavaScript in those tabs. The vulnerability can be exploited by connecting to 'ws://127.0.0.1:18792/cdp' (the default WebSocket port) to steal cookies and run scripts in the context of other browser tabs.

Impact

Exploitation of this vulnerability could lead to unauthorized access to session cookies from other open tabs, allowing for potential session hijacking. Additionally, it could enable the execution of JavaScript in the context of those tabs, potentially leading to further exploitation or data leakage.

Reproduction

To reproduce this vulnerability, first ensure that the OpenClaw Chrome extension is installed and the Browser Relay feature is active. Then, visit an untrusted website that can initiate cross-origin WebSocket connections. The website can then connect to the vulnerable WebSocket endpoint without an authentication token, access cookies from other tabs, and execute JavaScript in their context.

Remediation

Users should update to OpenClaw version 2026.2.1 or later, which adds the missing authentication requirement to the Browser Relay WebSocket endpoint. If an immediate update is not possible, users should disable the Browser Relay extension and avoid visiting untrusted websites.
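To make the fix concrete, the following is an added example (it is not OpenClaw's code): a loopback relay's upgrade gate in the vulnerable shape the advisory describes, beside a hardened gate that verifies the handshake's Origin and a shared token before any CDP traffic flows. The token-in-query-parameter convention, the allowed extension origin and the sample handshakes are assumptions made for the illustration.

```javascript
// Added example, not OpenClaw's code. Models an HTTP upgrade request for the
// loopback relay as { url, headers }. Assumptions: the shared token travels in a
// "token" query parameter and only the extension's own origin may connect.
const RELAY_PATH = "/cdp";
const ALLOWED_ORIGINS = new Set(["chrome-extension://EXTENSION_ID_PLACEHOLDER"]);

// "Before": the vulnerable shape the advisory describes. Any upgrade that names
// the relay path is accepted, regardless of who sent it.
function vulnerableUpgradeCheck(req) {
  const url = new URL(req.url, "http://127.0.0.1");
  if (url.pathname !== RELAY_PATH) return { allow: false, reason: "unknown path" };
  return { allow: true };
}

// Compare secrets without an early exit on the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// "After": refuse the handshake unless the caller proves it is the extension.
// Browsers attach the page's Origin to every WebSocket handshake and page script
// cannot override it, so a web page reaching the relay over loopback is turned
// away first; the token then binds the session to a secret only the extension knows.
function hardenedUpgradeCheck(req, expectedToken) {
  const url = new URL(req.url, "http://127.0.0.1");
  if (url.pathname !== RELAY_PATH) return { allow: false, reason: "unknown path" };
  const origin = req.headers.origin;
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { allow: false, reason: "untrusted origin" };
  }
  const token = url.searchParams.get("token") || "";
  if (!constantTimeEqual(token, expectedToken)) {
    return { allow: false, reason: "missing or invalid token" };
  }
  return { allow: true };
}

// Constructed sample handshakes: one from an arbitrary web page, one from the
// extension presenting the correct token.
const SECRET = "example-secret-token";
const pageRequest = { url: "/cdp", headers: { origin: "https://untrusted.example" } };
const extensionRequest = {
  url: "/cdp?token=" + encodeURIComponent(SECRET),
  headers: { origin: "chrome-extension://EXTENSION_ID_PLACEHOLDER" },
};
```

The vulnerable gate admits the web page's handshake, while the hardened gate rejects it on Origin before the token is even examined.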

Added: Mar 5, 2026, 10:40 PM
Updated: Mar 5, 2026, 10:40 PM

Vulnerability Rating

Custom Algorithm

spread           0.0
impact           1.0
exploitability   6.8
remediation      0.0
relevance        3.5
threat           4.8
urgency          2.9
incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.