CVE-2026-26317
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
Description
## Summary Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. ## Impact A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context. ## Affected Packages / Versions - openclaw (npm): <= 2026.2.13 - clawdbot (npm): <= 2026.1.24-3 ## Details The browser control servers bind to loopback but exposed mutating HTTP endpoints without a CSRF-style guard. Browsers may send cross-origin requests to loopback addresses; without explicit validation, state-changing operations could be triggered from a non-loopback Origin/Referer. ## Fix Mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`). ## Fix Commit(s) - openclaw/openclaw: b566b09f81e2b704bf9398d8d97d5f7a90aa94c3 ## Workarounds / Mitigations - Enable browser control auth (token/password) and avoid running with auth disabled. - Upgrade to a release that includes the fix. ## Credits - Reporter: @vincentkoc ## Release Process Note `patched_versions` is set to the planned next release version. Once that npm release is published, the advisory should be ready to publish with no further edits.
How to fix CVE-2026-26317
To remediate CVE-2026-26317, upgrade the affected package to a fixed version below.
- —no fix listed
- —upgrade to 2026.2.14 or later
Is CVE-2026-26317 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.