CVE-2026-43577 | THREATINT

Description

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-07 | Assigner VulnCheck

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-862 Missing Authorization

Product status

Default status

unaffected

Any version before 2026.4.9

affected

2026.4.9 (semver)

unaffected

Credits

tdjackey reporter

References

github.com/...enclaw/security/advisories/GHSA-qmwg-qprg-3j38 (GitHub Security Advisory (GHSA-qmwg-qprg-3j38)) vendor-advisory

github.com/...ommit/5f5b3d733bdd791cb457f838514179e1288b10b3 (Patch Commit) patch

www.vulncheck.com/...ile-read-via-browser-interaction-routes (VulnCheck Advisory: OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes) third-party-advisory

cve.org (CVE-2026-43577)

nvd.nist.gov (CVE-2026-43577)

Download JSON