OpenClaw Service Discovery Vulnerability in CLI Routing via Bonjour and DNS-SD Metadata
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.3.22, where TXT metadata from Bonjour and DNS-SD advertisements can improperly influence command-line interface (CLI) routing. This occurs even when actual service resolution (the SRV and address lookup that would confirm the advertised service exists) fails. Attackers may exploit this by injecting malicious discovery metadata, using such unresolved hints to redirect routing decisions to unintended targets.
Impact
Exploitation of this vulnerability can lead to misrouted CLI commands, potentially causing interactions with the wrong services or targets.
Reproduction
The vulnerability can be reproduced by using OpenClaw versions prior to 2026.3.22 and providing malicious TXT metadata through Bonjour or DNS-SD that is not backed by actual service resolution. This can be done by manually crafting discovery responses that include unresolved hints, which will then be processed by the OpenClaw CLI, steering routing decisions based on the injected metadata.
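The following added example (not OpenClaw's code) models the bug class in a minimal discovery resolver: a vulnerable router that honours TXT hints whether or not resolution succeeded, beside a hardened one that routes only from an authoritative SRV/address resolution. The record layout, key names (`host`, `port`) and service name are assumptions for illustration.

```python
"""Model of DNS-SD routing that trusts TXT hints vs. one that requires resolution.
Hypothetical simplified data model; not OpenClaw's implementation."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def parse_txt(records: List[str]) -> Dict[str, str]:
    """Parse DNS-SD TXT items of the form key=value (bare keys get an empty value)."""
    hints: Dict[str, str] = {}
    for item in records:
        key, sep, value = item.partition("=")
        if key:
            hints[key] = value if sep else ""
    return hints


@dataclass
class DiscoveryResult:
    instance: str
    txt: Dict[str, str] = field(default_factory=dict)   # attacker-controllable hints
    srv_target: Optional[str] = None                    # from SRV record, None if unresolved
    srv_port: Optional[int] = None
    addresses: Tuple[str, ...] = ()                     # resolved A/AAAA records

    def resolved(self) -> bool:
        return bool(self.srv_target and self.srv_port and self.addresses)


def route_vulnerable(result: DiscoveryResult) -> Optional[Tuple[str, int]]:
    """Bug class: TXT hints steer routing even when the service never resolved."""
    host = result.txt.get("host") or result.srv_target
    port = int(result.txt.get("port") or result.srv_port or 0)
    return (host, port) if host and port else None


def route_hardened(result: DiscoveryResult) -> Optional[Tuple[str, int]]:
    """Route only from authoritative resolution; TXT metadata is never a routing source."""
    if not result.resolved():
        return None
    return (result.addresses[0], result.srv_port)


# Constructed samples (hypothetical service name, documentation IP ranges).
SPOOFED = DiscoveryResult("agent._example._tcp.local.",
                          txt=parse_txt(["host=203.0.113.9", "port=8443"]))
LEGIT = DiscoveryResult("agent._example._tcp.local.",
                        txt=parse_txt(["host=203.0.113.9", "txtvers=1"]),
                        srv_target="agent.local.", srv_port=18789,
                        addresses=("192.0.2.10",))
```

Running both routers over SPOOFED shows the vulnerable path following the injected hint while the hardened path refuses to route an unresolved service; over LEGIT the hardened path ignores the TXT host entirely.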
Remediation
Users can upgrade to OpenClaw version 2026.3.22 or later to address this vulnerability.
