GHSA-PFV7-RR5M-QMV6
Vulnerability from github – Published: 2026-03-03 21:42 – Updated: 2026-03-03 21:42
VLAI
Summary
OpenClaw has auth inconsistency on local Browser Extension Relay /extension endpoint
Details
Summary
When the optional Chrome extension relay is enabled, /extension accepted unauthenticated WebSocket upgrades while /json/* and /cdp required auth.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected:
<= 2026.2.17 - Latest published npm version at triage time:
2026.2.17
Impact
This is a local-only issue on loopback (127.0.0.1) and only applies when the extension relay feature is in use. A local process on the same machine could connect to /extension without the token and interfere with extension-relay behavior.
No remote network exploit path is involved.
Fix
- Require gateway-token auth on both
/extensionand/cdprelay WebSocket endpoints. - Keep loopback/origin checks as defense-in-depth, not as authentication.
- Use one token path in setup:
gateway.auth.token/OPENCLAW_GATEWAY_TOKEN.
Fix Commit(s)
7e54b6c96feb1a5c30884f2b32037b8dadd0e532
OpenClaw thanks @tdjackey for reporting.
Severity
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.19"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-306"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T21:42:27Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nWhen the optional Chrome extension relay is enabled, `/extension` accepted unauthenticated WebSocket upgrades while `/json/*` and `/cdp` required auth.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `\u003c= 2026.2.17`\n- Latest published npm version at triage time: `2026.2.17`\n\n### Impact\n\nThis is a local-only issue on loopback (`127.0.0.1`) and only applies when the extension relay feature is in use. A local process on the same machine could connect to `/extension` without the token and interfere with extension-relay behavior.\n\nNo remote network exploit path is involved.\n\n### Fix\n\n- Require gateway-token auth on both `/extension` and `/cdp` relay WebSocket endpoints.\n- Keep loopback/origin checks as defense-in-depth, not as authentication.\n- Use one token path in setup: `gateway.auth.token` / `OPENCLAW_GATEWAY_TOKEN`.\n\n### Fix Commit(s)\n\n- `7e54b6c96feb1a5c30884f2b32037b8dadd0e532`\n\nOpenClaw thanks @tdjackey for reporting.",
"id": "GHSA-pfv7-rr5m-qmv6",
"modified": "2026-03-03T21:42:27Z",
"published": "2026-03-03T21:42:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pfv7-rr5m-qmv6"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/7e54b6c96feb1a5c30884f2b32037b8dadd0e532"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw has auth inconsistency on local Browser Extension Relay /extension endpoint"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…