OpenClaw Improper URL Scheme Validation Vulnerability Allowing Arbitrary Local File Read

Vulnerability

A vulnerability exists in OpenClaw versions prior to 2026.2.21 due to improper validation of URL schemes in the assertBrowserNavigationAllowed() function. This flaw allows authenticated users with access to browser tools to navigate to file:// URLs. Exploitation of this vulnerability enables access to local files that are readable by the OpenClaw process user, potentially leading to the exfiltration of sensitive data through browser snapshot and extraction actions.

Impact

Exploitation allows authenticated users with browser-tool access to read local files via the browser, exfiltrating data such as configuration or secret files accessible to the OpenClaw process user.

Reproduction

To reproduce this vulnerability, authenticate to a gateway with browser tooling enabled. Then, invoke browser navigation with a file URL, such as file:///etc/passwd. After the navigation is processed, use browser snapshot or extraction actions to read the content of the accessed file.

Remediation

OpenClaw has been updated to block non-network navigation protocols, including file:, data:, and javascript: URLs, while still allowing about:blank. This fix will be included in the next npm release.
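The check described above, written as an allow-list rather than a deny-list, as an added illustration that is not OpenClaw's own code (the function name assertBrowserNavigationAllowed comes from the advisory; the error class, the isNavigationAllowed helper, and the choice of http/https as the only network schemes are assumptions):

```javascript
// Illustrative navigation-scheme gate (added example; not OpenClaw's code).
// Allow-list approach: only network schemes plus the exact blank page are
// permitted, so file:, data:, javascript:, blob:, chrome: and any other
// non-network scheme are rejected by default rather than enumerated.
const ALLOWED_NETWORK_SCHEMES = new Set(["http:", "https:"]);

class NavigationBlockedError extends Error {}

function assertBrowserNavigationAllowed(rawUrl) {
  if (typeof rawUrl !== "string") {
    throw new NavigationBlockedError("navigation target must be a string URL");
  }
  let parsed;
  try {
    // WHATWG URL parsing lowercases the scheme, strips leading/trailing
    // whitespace and control characters, and removes embedded tabs and
    // newlines, so "  FILE:///etc/passwd" and "java\nscript:..." are
    // normalised before the scheme is compared. A bare prefix check on the
    // raw string would miss these variants.
    parsed = new URL(rawUrl);
  } catch {
    // Relative paths and other unparseable input never reach the browser.
    throw new NavigationBlockedError(`unparseable navigation target: ${rawUrl}`);
  }
  // about:blank is allowed only in its exact canonical form.
  if (parsed.href === "about:blank") {
    return parsed.href;
  }
  if (!ALLOWED_NETWORK_SCHEMES.has(parsed.protocol)) {
    throw new NavigationBlockedError(`blocked navigation scheme: ${parsed.protocol}`);
  }
  // Return the normalised URL so the caller navigates to what was validated.
  return parsed.href;
}

// Boolean wrapper for callers that prefer a predicate over an exception.
function isNavigationAllowed(rawUrl) {
  try {
    assertBrowserNavigationAllowed(rawUrl);
    return true;
  } catch (err) {
    if (err instanceof NavigationBlockedError) return false;
    throw err;
  }
}
```

Scheme validation covers the navigation request itself; it does not constrain where an http(s) response may redirect or which hosts are reachable, which is a separate control.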

Added: Mar 19, 2026, 10:49 PM
Updated: Mar 19, 2026, 10:49 PM

Vulnerability Rating

Custom Algorithm
metric          score
spread          0.0
impact          0.8
exploitability  6.3
remediation     0.0
relevance       4.1
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.