top of page
perceptive_background_267k.jpg

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser s…

Published:

5 mei 2026 om 22:00:00

Alert date:

6 mei 2026 om 21:05:32

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Identity & Access

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route. The vulnerability exposes interactive browser session credentials by allowing attackers to access the noVNC helper route without proper bridge authentication. This results in unauthorized access to interactive browser sessions. The issue affects the authentication mechanism in OpenClaw's sandbox environment. Multiple security advisories and patches have been released to address this vulnerability.

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-43575
https://github.com/openclaw/openclaw/commit/8dfbf3268bd224b7377d1ecca77a445100746085
https://github.com/openclaw/openclaw/security/advisories/GHSA-92jp-89mq-4374
https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-sandbox-novnc-helper-route

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page