CVE-2026-43580 | THREATINT

Description

OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute unauthorized navigation.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-07 | Assigner VulnCheck

MEDIUM: 4.9CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-862 Missing Authorization

Product status

Default status

unaffected

Any version before 2026.4.10

affected

2026.4.10 (semver)

unaffected

Credits

zsx (@zsxsoft) reporter

KeenSecurityLab coordinator

qclawer tool

References

github.com/...enclaw/security/advisories/GHSA-536q-mj95-h29h (GitHub Security Advisory (GHSA-536q-mj95-h29h)) vendor-advisory

github.com/...ommit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe (Patch Commit (1)) patch

github.com/...ommit/5f5b3d733bdd791cb457f838514179e1288b10b3 (Patch Commit (2)) patch

github.com/...ommit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894 (Patch Commit (3)) patch

www.vulncheck.com/...-guard-coverage-in-browser-interactions (VulnCheck Advisory: OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions) third-party-advisory

cve.org (CVE-2026-43580)

nvd.nist.gov (CVE-2026-43580)

Download JSON