OpenClaw < 2026.2.22 - Chrome CDP Probe के माध्यम से गेटवे टोकन का प्रकटीकरण
प्लेटफ़ॉर्म
nodejs
घटक
openclaw
में ठीक किया गया
2026.2.22
CVE-2026-22174 describes a token injection vulnerability discovered in OpenClaw. This flaw allows local processes to intercept the Gateway authentication token by exploiting the injection of the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces. The vulnerability impacts OpenClaw versions prior to 2026.2.22, and a fix is available in version 2026.2.22.
प्रभाव और हमले की स्थितियाँअनुवाद हो रहा है…
An attacker with access to a loopback port can exploit this vulnerability by intercepting Chrome CDP reachability probes to the /json/version endpoint. By doing so, they can capture the leaked authentication token and reuse it as a Gateway bearer authentication token. This allows the attacker to potentially gain unauthorized access to resources protected by the Gateway, depending on the token's permissions. The impact is limited to local access, as the vulnerability relies on loopback traffic, preventing remote exploitation. However, within a compromised local environment, the attacker's capabilities are significantly expanded.
शोषण संदर्भअनुवाद हो रहा है…
CVE-2026-22174 was publicly disclosed on 2026-03-18. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog as of this writing. The probability of exploitation is considered low given the local access requirement and lack of public exploits, but should be monitored.
कौन जोखिम में हैअनुवाद हो रहा है…
Development environments utilizing OpenClaw are at risk, particularly those with shared development machines or containers where multiple processes have access to the loopback interface. Systems with misconfigured network access controls allowing local processes to freely communicate on the loopback interface are also vulnerable.
पहचान के चरणअनुवाद हो रहा है…
• nodejs: Monitor OpenClaw logs for unusual CDP probe traffic on loopback interfaces (127.0.0.1).
• nodejs: Use netstat -an | grep :9229 to identify processes listening on the Chrome DevTools Protocol port (default 9229).
• nodejs: Inspect the x-OpenClaw-relay-token header in CDP probe requests using a network sniffer (e.g., Wireshark) on the loopback interface.
• nodejs: Check for unauthorized processes accessing the OpenClaw instance via the loopback interface.
हमले की समयरेखा
- Disclosure
disclosure
खतरा खुफिया
एक्सप्लॉइट स्थिति
EPSS
0.02% (4% शतमक)
CISA SSVC
CVSS वेक्टर
इन मेट्रिक्स का क्या मतलब है?
- Attack Vector
- स्थानीय — हमलावर को सिस्टम पर स्थानीय सत्र या शेल की आवश्यकता है।
- Attack Complexity
- निम्न — कोई विशेष शर्त नहीं। विश्वसनीय रूप से शोषण योग्य।
- Privileges Required
- कोई नहीं — बिना प्रमाणीकरण के शोषण योग्य।
- User Interaction
- कोई नहीं — स्वचालित और मूक हमला। पीड़ित कुछ नहीं करता।
- Scope
- अपरिवर्तित — प्रभाव केवल कमज़ोर घटक तक सीमित।
- Confidentiality
- उच्च — पूर्ण गोपनीयता हानि। हमलावर सभी डेटा पढ़ सकता है।
- Integrity
- निम्न — हमलावर सीमित दायरे में कुछ डेटा बदल सकता है।
- Availability
- कोई नहीं — उपलब्धता पर कोई प्रभाव नहीं।
प्रभावित सॉफ्टवेयर
कमजोरी वर्गीकरण (CWE)
समयरेखा
- आरक्षित
- प्रकाशित
- संशोधित
- EPSS अद्यतन
शमन और वर्कअराउंडअनुवाद हो रहा है…
The primary mitigation for CVE-2026-22174 is to upgrade OpenClaw to version 2026.2.22 or later. If upgrading is not immediately feasible, consider isolating the OpenClaw instance from local processes that could potentially intercept the CDP traffic. This could involve restricting access to the loopback interface or implementing network segmentation. While a WAF is unlikely to be effective in this scenario due to the local nature of the attack, monitoring for unusual CDP traffic on the loopback interface could provide early detection. After upgrading, confirm the fix by verifying that the x-OpenClaw-relay-token header is no longer injected into CDP probe traffic on loopback interfaces.
कैसे ठीक करें
OpenClaw को 2026.2.22 या बाद के संस्करण में अपडेट करें। यह Chrome CDP Probe ट्रैफ़िक के माध्यम से प्रमाणीकरण टोकन के प्रकटीकरण की अनुमति देने वाले भेद्यता को ठीक करता है।
CVE सुरक्षा न्यूज़लेटर
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
अक्सर पूछे जाने वाले सवालअनुवाद हो रहा है…
What is CVE-2026-22174 — Token Injection in OpenClaw?
CVE-2026-22174 is a vulnerability in OpenClaw versions prior to 2026.2.22 that allows local processes to capture the Gateway authentication token via injected headers in Chrome CDP probe traffic.
Am I affected by CVE-2026-22174 in OpenClaw?
You are affected if you are using OpenClaw versions 2026.2.22 or earlier and have local processes that could potentially intercept CDP traffic on the loopback interface.
How do I fix CVE-2026-22174 in OpenClaw?
Upgrade OpenClaw to version 2026.2.22 or later. If upgrading is not possible, isolate the OpenClaw instance from local processes.
Is CVE-2026-22174 being actively exploited?
As of now, there are no known public exploits or confirmed active exploitation campaigns targeting CVE-2026-22174.
Where can I find the official OpenClaw advisory for CVE-2026-22174?
Refer to the OpenClaw project's official website or security advisories for the latest information regarding CVE-2026-22174.
क्या आपका प्रोजेक्ट प्रभावित है?
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।