CVE-2026-43581

Published: Mag 06, 2026 Last Modified: Mag 06, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,0

Source: [email protected]

Attack Vector: adjacent

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

CRITICAL 9,6

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration.

1188

Initialization of a Resource with an Insecure Default

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Other

Potential Impacts:

Varies By Context

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/openclaw/openclaw/commit/fbf11ebdb711063…

https://github.com/openclaw/openclaw/commit/fbf11ebdb7110632f93926d0ac7b48f04cb…

https://github.com/openclaw/openclaw/security/advisories/GH…

https://github.com/openclaw/openclaw/security/advisories/GHSA-525j-hqq2-66r4

https://www.vulncheck.com/advisories/openclaw-chrome-devtoo…

https://www.vulncheck.com/advisories/openclaw-chrome-devtools-protocol-exposure…

CVE-2026-43581

Description

Initialization of a Resource with an Insecure Default

Common Consequences

Applicable Platforms

Iscriviti alla newsletter