OpenClaw Missing VNC Authentication in Sandbox Browser noVNC Observer

Vulnerability

A vulnerability exists in OpenClaw versions prior to 2026.2.21, where the sandbox browser entrypoint launches x11vnc for noVNC observer sessions without authentication. Because no VNC password is configured, anyone who can reach the VNC listener on the host loopback interface can connect to the sandbox browser and interact with it without credentials. The noVNC port is published to the host loopback only, so the default exposure is local, but the unauthenticated listener becomes reachable by others if that port is ever exposed more broadly.

Impact

Exploitation of this vulnerability allows for unauthenticated access to the VNC interface of the sandbox browser, enabling observation or interaction with the browser session.

Reproduction

To reproduce this vulnerability, use an OpenClaw version prior to 2026.2.21 and start a sandbox browser session with noVNC observer access. The VNC server runs without authentication, and a connection to the noVNC port on the loopback interface succeeds without credentials.

Remediation

Update to OpenClaw version 2026.2.21 or later, which requires VNC password authentication for noVNC observer sessions. After updating, verify that noVNC ports are published only to the loopback interface.
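As an added example (not OpenClaw's code, and not a reproduction of x11vnc), the following Python script performs the two checks the remediation calls for. It reads only the RFB version and security-type negotiation from a VNC listener to see whether the "None" security type is offered (i.e. whether a password is actually required), and it scans `ss -ltn` output for VNC/noVNC ports bound to anything other than a loopback address. The port numbers 5900 and 6080, the sample `ss` lines and the in-process test server are constructed assumptions, not values taken from OpenClaw.

```python
"""Defender-side audit for the OpenClaw noVNC observer issue: does the VNC
listener offer the 'None' security type, and is it bound only to loopback?
Added example; host, port and sample data are assumptions, not project values."""
import socket
import struct
import threading

# Security-type numbers from the RFB protocol specification.
SEC_NONE = 1            # no authentication at all (the pre-2026.2.21 state)
SEC_VNC_AUTH = 2        # classic VNC password challenge/response
SEC_NAMES = {SEC_NONE: "None", SEC_VNC_AUTH: "VNC Authentication",
             16: "Tight", 18: "TLS", 19: "VeNCrypt"}

# Constructed `ss -ltn` output: noVNC on loopback, raw VNC on all interfaces.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:6080      0.0.0.0:*
LISTEN 0      128    0.0.0.0:5900        0.0.0.0:*
LISTEN 0      128    [::1]:6080          [::]:*
"""


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("VNC server closed the connection early")
        buf += chunk
    return buf


def vnc_security_types(host="127.0.0.1", port=5900, timeout=3.0):
    """Run only the RFB version + security-type negotiation and return the list
    of security types the server offers. Nothing beyond that is sent, so this
    is a read-only probe of how the listener is configured."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        banner = _recv_exact(sock, 12)              # e.g. b"RFB 003.008\n"
        if not banner.startswith(b"RFB "):
            raise ValueError("not an RFB server: %r" % banner)
        major, minor = int(banner[4:7]), int(banner[8:11])
        sock.sendall(banner)                        # echo the server's version
        if (major, minor) <= (3, 3):
            # RFB 3.3: the server dictates one type as a 32-bit big-endian int.
            (sec,) = struct.unpack(">I", _recv_exact(sock, 4))
            return [sec]
        count = _recv_exact(sock, 1)[0]
        if count == 0:                              # server refused; reason follows
            (length,) = struct.unpack(">I", _recv_exact(sock, 4))
            reason = _recv_exact(sock, length).decode(errors="replace")
            raise ConnectionError("server refused: " + reason)
        return list(_recv_exact(sock, count))


def vnc_requires_auth(types):
    """True only if the server offers something and never lets a client pick 'None'."""
    return bool(types) and SEC_NONE not in types


def non_loopback_listeners(ss_output, ports):
    """Parse `ss -ltn`-style lines; return (addr, port) pairs for the given ports
    that are bound to anything other than a loopback address."""
    findings = []
    for line in ss_output.splitlines()[1:]:         # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, _, port = fields[3].rpartition(":")   # handles "[::1]:6080" too
        if not port.isdigit() or int(port) not in ports:
            continue
        if addr in ("127.0.0.1", "[::1]", "::1"):
            continue
        findings.append((addr, int(port)))
    return findings


def start_fake_vnc_server(types, host="127.0.0.1"):
    """Minimal RFB 3.8 responder used to exercise the probe offline (a constructed
    test double, not x11vnc). Returns the ephemeral port it listens on."""
    srv = socket.socket()
    srv.bind((host, 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"RFB 003.008\n")
            _recv_exact(conn, 12)                   # client's version reply
            conn.sendall(bytes([len(types)]) + bytes(types))
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Offline demo: one listener offering 'None' (the vulnerable configuration)
    # and one requiring VNC Authentication (the fixed configuration).
    for offered in ([SEC_NONE], [SEC_VNC_AUTH]):
        port = start_fake_vnc_server(offered)
        types = vnc_security_types("127.0.0.1", port)
        print(port, [SEC_NAMES.get(t, t) for t in types],
              "auth required:", vnc_requires_auth(types))
    print("non-loopback listeners:", non_loopback_listeners(SAMPLE_SS, {5900, 6080}))
```

Against a real host, call `vnc_security_types("127.0.0.1", <port>)` on the port x11vnc publishes and feed the actual output of `ss -ltn` to `non_loopback_listeners`; a result that includes `SEC_NONE`, or any non-loopback binding of the VNC/noVNC ports, means the remediation is not in effect.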

Added: Mar 21, 2026, 1:25 AM
Updated: Mar 21, 2026, 1:25 AM

Vulnerability Rating

Custom Algorithm

  spread:          0.0
  impact:          1.3
  exploitability:  3.9
  remediation:     0.0
  relevance:       4.2
  threat:          4.8
  urgency:         2.9
  incentive:       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.