OpenClaw Unauthenticated Access to Browser Control Routes via Authentication Bootstrap Error

Vulnerability

A vulnerability in OpenClaw versions prior to 2026.3.1 allows browser-control routes to remain accessible without authentication. This issue arises because the application fails to properly manage authentication bootstrap errors during startup. As a result, local processes or loopback-reachable SSRF paths can exploit this flaw to access browser-control routes, including actions that can evaluate code, without valid credentials.

Impact

Exploitation of this vulnerability allows unauthorized access to browser-control routes, including evaluate-capable actions.

Remediation

Upgrade to OpenClaw version 2026.3.1 or later, which addresses this vulnerability.

Added: Mar 19, 2026, 10:28 PM
Updated: Mar 19, 2026, 10:28 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          7.5
  exploitability  3.7
  remediation     0.0
  relevance       4.1
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.