CVE-2026-22174
OpenClaw Loopback CDP probe can leak Gateway token to local listener
Description
### Summary

A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback.

### Details

Affected versions inject `x-openclaw-relay-token` for loopback CDP URLs, and CDP reachability probes send that header to `/json/version`. If an attacker controls the probed loopback port, they can read that token and reuse it as Gateway bearer auth.

Relevant code paths (pre-fix):

- `src/browser/extension-relay.ts` (`getChromeExtensionRelayAuthHeaders`)
- `src/browser/cdp.helpers.ts` (`getHeadersWithAuth`)
- `src/browser/chrome.ts` (`fetchChromeVersion`)

### Affected Packages / Versions

- Package: `openclaw` (npm)
- Latest published (at triage): `2026.2.21-2`
- Vulnerable: `<= 2026.2.21-2`
- Patched: `>= 2026.2.22`

### Deployment Model Applicability

This does **not** change OpenClaw's documented security model for standard single-owner installs (you own the machine/VPS and trust local processes under that OS account boundary). Risk is for **non-standard shared-user/shared-host installs** where an untrusted local user/process can race/bind the loopback relay port.

### Impact

- Local credential disclosure.
- Follow-on impact depends on local deployment and enabled Gateway capabilities.

### Fix Commit(s)

- `afa22acc4a09fdf32be8a167ae216bee85c30dad`

### Release Process Note

Patched version is set to `>= 2026.2.22` for the published release.

OpenClaw thanks @tdjackey for reporting.
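The pattern the advisory describes is a reachability probe that carries a credential it does not need. The following illustration is added here and is not OpenClaw's code or the actual fix commit; the function names, the `purpose` parameter and the sample token are assumptions. It contrasts a header builder that attaches the relay token to every loopback CDP URL (the pre-fix behaviour as described above) with a variant that sends no credential on the `/json/version` probe, and includes the regression check a maintainer would keep to make sure the probe never carries the token again.

```typescript
// Hypothetical illustration (not OpenClaw's own code). Header name is the one
// named in the advisory; everything else is assumed for the example.
const RELAY_TOKEN_HEADER = "x-openclaw-relay-token";

type HeaderMap = Record<string, string>;

// Loopback detection for IPv4, IPv6 and "localhost"; brackets are stripped
// because URL.hostname returns "[::1]" for IPv6 literals.
function isLoopbackHost(hostname: string): boolean {
  const h = hostname.replace(/^\[|\]$/g, "");
  return h === "localhost" || h === "::1" || /^127\.\d+\.\d+\.\d+$/.test(h);
}

// Pre-fix behaviour as the advisory describes it: any loopback CDP URL gets the
// relay token attached, including the unauthenticated /json/version probe, so a
// listener bound to the probed port receives the Gateway credential.
function headersBeforeFix(url: string, relayToken: string): HeaderMap {
  const u = new URL(url);
  return isLoopbackHost(u.hostname) ? { [RELAY_TOKEN_HEADER]: relayToken } : {};
}

// Hardened variant (an assumed approach, not the project's fix): the caller
// states the request's purpose, and a reachability probe carries no credential
// at all. The token is only attached to traffic destined for the relay itself.
function headersAfterFix(
  url: string,
  relayToken: string,
  purpose: "probe" | "relay",
): HeaderMap {
  if (purpose === "probe") return {};
  const u = new URL(url);
  return isLoopbackHost(u.hostname) ? { [RELAY_TOKEN_HEADER]: relayToken } : {};
}

// Regression check: for the loopback probe URLs the advisory mentions, the
// header set must never include the relay token. Returns true on a leak.
function probeLeaksToken(build: (url: string) => HeaderMap): boolean {
  const probeUrls = [
    "http://127.0.0.1:9222/json/version",
    "http://localhost:9222/json/version",
    "http://[::1]:9222/json/version",
  ];
  return probeUrls.some((url) => RELAY_TOKEN_HEADER in build(url));
}

const SAMPLE_TOKEN = "example-relay-token"; // constructed sample value
const leaksBeforeFix = probeLeaksToken((url) => headersBeforeFix(url, SAMPLE_TOKEN));
const leaksAfterFix = probeLeaksToken((url) => headersAfterFix(url, SAMPLE_TOKEN, "probe"));
```

The check is cheap enough to run in CI: `leaksBeforeFix` is true for the old builder and `leaksAfterFix` is false for the hardened one, while relay-bound requests still get the header.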
How to fix CVE-2026-22174
To remediate CVE-2026-22174, upgrade the affected package to a fixed version below.
- `openclaw` (npm): upgrade to 2026.2.22 or later
Is CVE-2026-22174 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- `openclaw` (npm): from 0, < 2026.2.22