Platform: nodejs
Component: openclaw
Fixed in: 2026.3.1
CVE-2026-32041 is an authentication bypass vulnerability affecting OpenClaw, a Node.js-based browser control platform. If automatic authentication bootstrapping fails during startup and no explicit credentials are provided, the browser-control routes could become accessible without authentication. This vulnerability impacts versions prior to 2026.3.1. The issue has been resolved by failing startup if authentication bootstrapping fails.
An attacker exploiting this vulnerability could gain unauthorized access to browser-control routes within OpenClaw. This access could include the ability to execute evaluate-capable actions, potentially leading to remote code execution or data manipulation depending on the specific actions available through the browser-control interface. The vulnerability is particularly concerning because it can be exploited via a local process or through an SSRF (Server-Side Request Forgery) path, meaning an attacker doesn't necessarily need to be on the same network as the OpenClaw instance. Successful exploitation could allow an attacker to control the browser and potentially compromise the underlying system.
CVE-2026-32041 was publicly disclosed on March 2, 2026. There is no indication of active exploitation campaigns at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not widely available, suggesting a relatively low probability of near-term exploitation, but the SSRF component warrants ongoing monitoring.
Organizations deploying OpenClaw in environments with potential SSRF vulnerabilities are at the highest risk. This includes deployments where the OpenClaw instance has access to internal services or resources that could be leveraged for SSRF attacks. Shared hosting environments where multiple users share the same OpenClaw instance are also at increased risk.
• nodejs / server: ps aux | grep openclaw
• nodejs / server: npm list -g openclaw
• nodejs / server: journalctl -u openclaw --since "1 hour ago"
• generic web: curl -I http://<openclaw_host>/browser-control/evaluate
• generic web: grep -r "browser-control/evaluate" /var/log/nginx/access.log
Exploit status
EPSS: 0.02% (percentile 4%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-32041 is to upgrade OpenClaw to version 2026.3.1 or later. This version implements a fix that prevents startup if authentication bootstrapping fails, effectively closing off the unauthenticated access path. If upgrading is not immediately feasible, consider implementing strict network segmentation to limit SSRF access to the OpenClaw instance. Additionally, ensure that any existing authentication mechanisms are robust and properly configured. There are no specific WAF rules or detection signatures readily available, so focus on patching and network isolation.
Update OpenClaw to version 2026.3.1 or later. This fixes the vulnerability that allows unauthenticated access to the browser-control routes when the initial authentication bootstrap fails.
CVE-2026-32041 is a medium-severity vulnerability in OpenClaw versions before 2026.3.1 that allows unauthorized access to browser-control routes if automatic authentication bootstrapping fails.
You are affected if you are using OpenClaw versions prior to 2026.3.1 and have not implemented compensating controls to prevent unauthorized access to browser-control routes.
Upgrade OpenClaw to version 2026.3.1 or later. This version includes a fix that prevents startup if authentication bootstrapping fails.
There is currently no evidence of active exploitation campaigns targeting CVE-2026-32041, but the SSRF component warrants ongoing monitoring.
Refer to the OpenClaw project's official website or GitHub repository for the latest security advisories and release notes.