OpenClaw Improper Access Control Vulnerability in iOS A2UI Bridge Allowing Unauthorized Agent.Request Dispatch

Vulnerability

OpenClaw versions prior to 2026.4.2 contain an improper access control flaw in the iOS A2UI bridge. The bridge's origin check treats any page served from a generic local-network or tailnet host as a trusted origin, rather than limiting trust to the origin the bridge itself serves. An attacker who can get the bridge to load a page they control on such a host can therefore inject agent.request executions that the session never authorized, disturbing the active session state and consuming the session's budget.

Impact

An attacker-controlled page on a local-network or tailnet host can inject agent.request actions into the active iOS node session, disrupting session state and exhausting the session budget. The flaw does not grant owner-only actions or arbitrary host execution: the impact is limited to session integrity and resource exhaustion, not privilege escalation on the host.
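To make the origin-trust mistake and the budget exhaustion concrete, the following added example (not OpenClaw's code and not part of this advisory) models, in Python, a bridge trust check before and after a fix, together with a small session that carries a budget. The allowlisted origin `https://a2ui.openclaw.local`, the `.ts.net` suffix rule for tailnet names, the LAN address `192.168.1.50`, the per-request cost and the budget of 10 are all constructed assumptions; the real bridge's origin model, message format and budget accounting are not described on this page.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical: the single origin the bridge itself serves the A2UI from.
# A constructed stand-in; OpenClaw's real configuration is not on this page.
BRIDGE_ALLOWLIST = frozenset({"https://a2ui.openclaw.local"})

# Ranges a "generic local network or tailnet" heuristic would match: RFC 1918,
# loopback, link-local, Tailscale's CGNAT range 100.64.0.0/10, IPv6 ULA, ::1.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "fc00::/7", "::1/128",
)]


def normalize_origin(url):
    """Reduce a page URL to its origin (scheme://host[:port]); None if no host."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    host = parts.hostname                      # already lowercased, brackets stripped
    if ":" in host:                            # bare IPv6 literal: re-bracket it
        host = f"[{host}]"
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{host}{port}"


def is_local_network_host(hostname):
    """True for IP literals inside LOCAL_NETS, or for tailnet MagicDNS names.
    The '.ts.net' suffix rule is an assumption used to model tailnet hosts."""
    try:
        addr = ipaddress.ip_address(hostname)
    except ValueError:
        return hostname.endswith(".ts.net")
    return any(addr in net for net in LOCAL_NETS)


def trusted_before_fix(origin):
    """Flawed rule: the bridge's own origin OR any local-network/tailnet page."""
    if origin in BRIDGE_ALLOWLIST:
        return True
    return is_local_network_host(urlsplit(origin).hostname or "")


def trusted_after_fix(origin):
    """Hardened rule: only an explicitly allowlisted origin may dispatch agent.request."""
    return origin in BRIDGE_ALLOWLIST


def dispatch_agent_request(session, origin, request, trust_check):
    """Queue an agent.request into the session if the origin passes trust_check
    and the budget covers it. Returns a short status string."""
    if not trust_check(origin):
        return "rejected: untrusted origin"
    if session["budget"] < request["cost"]:
        return "rejected: budget exhausted"
    session["budget"] -= request["cost"]
    session["queue"].append(request)
    return "dispatched"


def simulate_injection(trust_check, page_url="http://192.168.1.50:8080/evil.html",
                       attempts=20, budget=10):
    """Constructed scenario: a page on a LAN host fires agent.request repeatedly.
    Returns (requests dispatched, budget remaining)."""
    session = {"budget": budget, "queue": []}
    origin = normalize_origin(page_url)
    for i in range(attempts):
        dispatch_agent_request(session, origin, {"id": i, "cost": 1}, trust_check)
    return len(session["queue"]), session["budget"]


if __name__ == "__main__":
    for url in ("https://a2ui.openclaw.local/ui",
                "http://192.168.1.50:8080/evil.html",
                "http://100.101.102.103/",
                "https://node.tail1234.ts.net/",
                "https://evil.example/"):
        origin = normalize_origin(url)
        print(f"{origin:40} before={trusted_before_fix(origin)!s:5} "
              f"after={trusted_after_fix(origin)}")
    print("before fix:", simulate_injection(trusted_before_fix))
    print("after fix: ", simulate_injection(trusted_after_fix))
```

The design point is that "is this host on my network?" is a locality test, not an identity test: any device on the LAN or tailnet can serve a page, so the check must compare the full origin (scheme, host and port) against an explicit allowlist of what the bridge itself serves. With the weak rule the constructed attacker page drains the whole budget; with the allowlist rule none of its agent.request messages are dispatched.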

Reproduction

Serve a page you control from a local-network or tailnet host and have the iOS A2UI bridge load it. On a vulnerable build the bridge treats that origin as trusted, so a script on the page can send agent.request messages that the bridge dispatches into the active session; repeated sends disturb the session state and draw down its budget. To confirm the fix, repeat the same load against 2026.4.2 or later: the injected agent.request messages should be rejected and the session budget should be unchanged.

Remediation

Update to OpenClaw version 2026.4.2 or later. Until the update is applied, any page on the local network or tailnet should be regarded as able to reach the bridge, so avoid loading pages from hosts you do not control into the iOS A2UI bridge.

Added: Apr 28, 2026, 9:12 PM
Updated: Apr 28, 2026, 9:12 PM

Vulnerability Rating

Custom Algorithm

metric          score
spread          0.0
impact          0.6
exploitability  5.0
remediation     0.0
relevance       6.9
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.