CVE-2026-42436
OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation
Description
## Summary Browser snapshot and screenshot routes could expose internal page content after navigation. ## Affected Packages / Versions - Package: `openclaw` - Ecosystem: npm - Affected versions: `< 2026.4.14` - Patched versions: `>= 2026.4.14` ## Impact Authenticated browser tool callers could use snapshot, screenshot, or tab routes that did not consistently validate the final browser target after route-driven navigation. In restrictive browser SSRF configurations this could expose content from internal or otherwise disallowed pages. ## Technical Details The fix re-checks browser snapshot, screenshot, and tab route results against the configured browser SSRF policy before returning page content. Regression coverage was added around snapshot/screenshot and tab-route flows. ## Fix The issue was fixed in #66040. The first stable tag containing the fix is `v2026.4.14`, and `[email protected]` includes the fix. ## Fix Commit(s) - `b75ad800a59009fc47eaa3471410f69046150e59` - PR: #66040 ## Release Process Note Users should upgrade to `openclaw` 2026.4.14 or newer. The latest npm release, `2026.4.14`, already includes the fix. ## Credits Thanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.
How to fix CVE-2026-42436
To remediate CVE-2026-42436, upgrade the affected package to a fixed version below.
- —upgrade to 2026.4.14 or later
Is CVE-2026-42436 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.4.14