OpenClaw Missing Authentication in Browser Control HTTP Endpoints Privilege Escalation Vulnerability
Vulnerability
A vulnerability exists in OpenClaw versions from 2026.1.5 up to, but not including, 2026.2.12, where the application does not enforce authentication on the local browser-control HTTP route '/agent/act'. Unauthenticated local callers can therefore perform privileged operations. The route can be reached by local processes or by attackers on the same local network, allowing them to execute arbitrary actions in the browser context and read sensitive in-session data through the unauthenticated endpoint.
Impact
Exploitation of this vulnerability could lead to unauthorized access to browser control features, allowing attackers to manipulate browser sessions and retrieve confidential session data.
Reproduction
The vulnerability can be reproduced by enabling browser control in the OpenClaw application without configuring authentication. Once browser control is active, local processes can send requests to the '/agent/act' HTTP route without presenting any credential, and the gateway serves them as if the caller were authorized.
Remediation
Users can set 'gateway.auth.token' or 'gateway.auth.password' to secure the browser-control HTTP routes. If neither is configured, OpenClaw automatically generates a 'gateway.auth.token' when browser control is enabled. After changing the authentication settings, it is recommended to restart the OpenClaw gateway so that they take effect.
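To check a deployment against the two conditions this advisory describes (a release in the affected range, and browser control enabled with neither 'gateway.auth.token' nor 'gateway.auth.password' set), here is an added Python audit helper. It is not OpenClaw's own code: the nested-dict config shape, the hypothetical 'browser.control.enabled' key and the dotted numeric version string are assumptions, while the key names and version boundaries come from the advisory.

```python
"""Audit an OpenClaw gateway config for the '/agent/act' exposure.

Added example, not OpenClaw code. Assumptions not taken from the advisory:
the config is a nested dict whose dotted paths 'gateway.auth.token' and
'gateway.auth.password' mirror the advisory's key names, the browser-control
switch lives at the hypothetical path 'browser.control.enabled', and the
running version is a dotted numeric string such as '2026.2.3'.
"""
from typing import Any, Optional

AFFECTED_FROM = (2026, 1, 5)   # first affected release, per the advisory
FIXED_IN = (2026, 2, 12)       # first fixed release, per the advisory
AUTH_KEYS = ("gateway.auth.token", "gateway.auth.password")

def parse_version(version: str) -> tuple:
    """'2026.2.3' -> (2026, 2, 3) so releases compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))

def is_affected(version: str) -> bool:
    """True for releases in [2026.1.5, 2026.2.12)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN

def lookup(config: dict, dotted: str) -> Optional[Any]:
    """Resolve a dotted key path in a nested dict; None if any hop is missing."""
    node: Any = config
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def audit(config: dict, version: str) -> str:
    """'critical': affected build, browser control on, no credential set.
    'upgrade': affected build, but the route is off or a credential is set.
    'ok': fixed build (it auto-generates gateway.auth.token when needed)."""
    browser_control = bool(lookup(config, "browser.control.enabled"))
    # An empty or whitespace-only credential counts as not configured.
    has_auth = any(str(lookup(config, k) or "").strip() for k in AUTH_KEYS)
    if is_affected(version):
        return "critical" if browser_control and not has_auth else "upgrade"
    return "ok"

# Constructed sample configs: the weak one beside its hardened counterpart.
WEAK_CONFIG = {"browser": {"control": {"enabled": True}}, "gateway": {"auth": {}}}
HARDENED_CONFIG = {"browser": {"control": {"enabled": True}},
                   "gateway": {"auth": {"token": "example-token-set-by-operator"}}}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name} config on 2026.2.3: {audit(cfg, '2026.2.3')}")
```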