{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "2026.1.29"
              },
              {
                "fixed": "2026.2.14"
              }
            ]
          },
          "events": [
            {
              "introduced": "77e703c69b07a236c2f0962bd195e03aae1b8da0"
            },
            {
              "fixed": "b5ab92eef4e4f6099c98817e0917c99ec9e03045"
            },
            {
              "fixed": "4711a943e30bc58016247152ba06472dab09d0b0"
            },
            {
              "fixed": "6dd6bce997c48752134f2d6ed89b27de01ced7e3"
            },
            {
              "fixed": "cd84885a4ac78eadb7bf321aae98db9519426d67"
            }
          ],
          "repo": "https://github.com/openclaw/openclaw",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-h9g4-589h-68xv"
  ],
  "details": "OpenClaw versions from 2026.1.29-beta.1 up to, but not including, 2026.2.14 contain a vulnerability in which the sandbox browser bridge server accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve WebSocket URLs, execute JavaScript, and exfiltrate cookies and session data from authenticated browser contexts. The issue is fixed in version 2026.2.14.",
  "id": "CVE-2026-28468",
  "modified": "2026-04-01T23:10:25.426229356Z",
  "published": "2026-03-05T22:16:20.197Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h9g4-589h-68xv"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.vulncheck.com/advisories/openclaw-beta-authentication-bypass-in-sandbox-browser-bridge-server"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openclaw/openclaw/commit/cd84885a4ac78eadb7bf321aae98db9519426d67"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openclaw/openclaw/commit/4711a943e30bc58016247152ba06472dab09d0b0"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openclaw/openclaw/commit/6dd6bce997c48752134f2d6ed89b27de01ced7e3"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}