OpenClaw Wide-Area Discovery Vulnerability Allows Arbitrary DNS Authority Acceptance and Credential Exfiltration
Vulnerability
A vulnerability in OpenClaw versions prior to 2026.3.31 allows arbitrary tailnet peers to be accepted as DNS authorities through wide-area discovery. An attacker who is on the same tailnet and has access to a CA-trusted endpoint can use this to steer DNS and exfiltrate operator credentials. The vulnerability arises from inadequate origin validation, which lets unauthorized peers interfere with DNS-based service discovery and credential management.
Impact
Exploitation of this vulnerability could lead to unauthorized DNS authority acceptance, allowing attackers to manipulate DNS records and potentially exfiltrate sensitive credentials from OpenClaw operators.
Reproduction
The vulnerability can be reproduced by querying the wide-area gateway service domain while positioned on the same tailnet as the target. If successful, the attacker's peer will be accepted as a DNS authority, allowing for credential exfiltration through manipulated DNS steering.
Remediation
Users can update to OpenClaw version 2026.3.31 or later to address this vulnerability.
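To find which installs still need the update, the following added example (not OpenClaw code) triages a host inventory against the fixed release. It assumes versions are dotted numeric strings such as 2026.3.31 with an optional "v" prefix and suffix; host names and sample versions are constructed.

```python
import re

FIXED = (2026, 3, 31)  # first fixed release, taken from the advisory

# Assumption: "YYYY.M.D", optional leading "v", optional "-suffix"/"+suffix".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([-+].*)?$")

def parse_version(text):
    """Return ((year, month, day), has_suffix) or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4) is not None

def is_vulnerable(text):
    """True if affected, False if fixed, None if it needs manual review."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    version, has_suffix = parsed
    # A suffixed build of exactly the fixed version may predate the fix.
    if version == FIXED and has_suffix:
        return None
    # Compare numerically: as strings, "2026.3.4" sorts after "2026.3.31".
    return version < FIXED

def triage(inventory):
    """Split {host: version} into affected, fixed and unknown host lists."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        verdict = is_vulnerable(version)
        key = "unknown" if verdict is None else ("affected" if verdict else "fixed")
        result[key].append(host)
    return result

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "gw-a": "2026.3.4",
    "gw-b": "2026.3.31",
    "gw-c": "v2026.10.1",
    "gw-d": "2026.2.28-beta.1",
    "gw-e": "unknown",
}

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```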
