Platform: nodejs
Component: openclaw
Fixed in: 2026.3.1
CVE-2026-32041 is an authentication bypass vulnerability affecting OpenClaw, a Node.js-based browser control platform. If automatic authentication bootstrapping fails during startup and no explicit credentials are provided, the browser-control routes could become accessible without authentication. This vulnerability impacts versions prior to 2026.3.1. The issue has been resolved by failing startup if authentication bootstrapping fails.
An attacker exploiting this vulnerability could gain unauthorized access to browser-control routes within OpenClaw. That access could include the ability to execute evaluate-capable actions, potentially leading to remote code execution or data manipulation depending on the specific actions exposed through the browser-control interface. The vulnerability is particularly concerning because the routes can be reached from a local process or through an SSRF (Server-Side Request Forgery) path, so an attacker does not necessarily need to be on the same network as the OpenClaw instance. Successful exploitation could allow an attacker to control the browser and potentially compromise the underlying system.
CVE-2026-32041 was publicly disclosed on March 2, 2026. There is no indication of active exploitation campaigns at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not widely available, suggesting a relatively low probability of near-term exploitation, but the SSRF component warrants ongoing monitoring.
Exploit Status
EPSS: 0.02% (4th percentile)
The primary mitigation for CVE-2026-32041 is to upgrade OpenClaw to version 2026.3.1 or later. This version implements a fix that prevents startup if authentication bootstrapping fails, effectively closing off the unauthenticated access path. If upgrading is not immediately feasible, consider strict network segmentation to restrict which hosts can reach the OpenClaw instance, which narrows the SSRF path. Additionally, ensure that any existing authentication mechanisms are robust and properly configured. There are no specific WAF rules or detection signatures readily available, so focus on patching and network isolation.
Update OpenClaw to version 2026.3.1 or later. This corrects the vulnerability that allows unauthenticated access to browser-control routes when automatic authentication bootstrapping fails at startup.
CVE-2026-32041 is a medium-severity vulnerability in OpenClaw versions before 2026.3.1 that allows unauthorized access to browser-control routes if automatic authentication bootstrapping fails.
You are affected if you are using OpenClaw versions prior to 2026.3.1 and have not implemented compensating controls to prevent unauthorized access to browser-control routes.
Upgrade OpenClaw to version 2026.3.1 or later. This version includes a fix that prevents startup if authentication bootstrapping fails.
There is currently no evidence of active exploitation campaigns targeting CVE-2026-32041, but the SSRF component warrants ongoing monitoring.
Refer to the OpenClaw project's official website or GitHub repository for the latest security advisories and release notes.