Critical (9.6)

OpenClaw exposes CDP relay traffic (CVE-2026-43581)

CVE-2026-43581: OpenClaw before 2026.4.10 exposes Chrome DevTools Protocol on the network, letting attackers intercept browser traffic. Upgrade to 2026.4.10.

Affected: OpenClaw (vendor: Openclaw)

Patch now - CVE-2026-43581 is a critical improper network binding vulnerability in OpenClaw before 2026.4.10 that exposes Chrome DevTools Protocol on all network interfaces, letting adjacent attackers control the sandbox browser and extract sensitive data. Upgrade to version 2026.4.10 immediately.

Overview

CVE-2026-43581 affects OpenClaw, an open-source browser engine, where the sandbox browser CDP relay binds to 0.0.0.0 instead of the intended localhost-only interface. This improper network binding allows attackers on the same network segment to access the Chrome DevTools Protocol (CDP) without authentication, bypassing the sandbox boundaries designed to isolate browser operations.

The vulnerability carries a CVSS v3.1 score of 9.6 (CRITICAL) with the vector AV:A/AC:L/PR:N/UI:N (adjacent network, low complexity, no privileges required, no user interaction). No exploitation has been confirmed in the wild at the time of publication.

What An Attacker Can Do

An adjacent attacker who can reach the exposed CDP relay can:

  • Execute arbitrary JavaScript in the browser context
  • Read cookies, session tokens, and stored credentials
  • Intercept HTTPS traffic rendered within the sandbox
  • Steal DOM content exposed in the sandbox

Because CDP provides full programmatic control of the browser instance, this effectively bypasses the security sandbox that OpenClaw uses to isolate untrusted content from the host.

Affected Versions

  • OpenClaw versions prior to 2026.4.10

Remediation

Upgrade to OpenClaw 2026.4.10 or later. The fix changes the CDP relay binding from 0.0.0.0 to localhost-only, restricting DevTools access to the local machine.

Mitigation (if immediate upgrade is not possible): use a host-based firewall to block inbound connections to the CDP relay port on every interface except loopback (127.0.0.1), so that only local processes can reach it. After upgrading or applying the rule, confirm with a listener audit (for example `ss -ltn`) that the relay port appears bound to 127.0.0.1 rather than 0.0.0.0 or [::].
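The following is an added example, not code from OpenClaw or this advisory. It contrasts the wide-open 0.0.0.0 bind the advisory describes with the loopback-only bind the fix applies, and adds the audit a defender would run afterwards: parsing `ss -ltn`-style output to flag listeners on wildcard addresses. The port numbers 9222 and 9223 in the sample output are placeholders (the advisory does not name OpenClaw's relay port), and `bind_relay` uses port 0 so the demonstration binds on any machine.

```python
import socket
from dataclasses import dataclass

# Addresses that mean "every interface", both as bind() arguments and in
# the Local Address column of ss/netstat output.
WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}


def bind_relay(listen_addr: str, port: int = 0) -> tuple[socket.socket, str, int]:
    """Bind and listen on a TCP socket the way a relay process would.

    port=0 lets the OS choose a free port so the example runs anywhere;
    a real relay would pass its fixed port. Returns (socket, addr, port)
    as reported by the kernel, so the caller sees what was actually bound.
    """
    family = socket.AF_INET6 if ":" in listen_addr else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((listen_addr, port))
    sock.listen(1)
    addr, bound_port = sock.getsockname()[:2]
    return sock, addr, bound_port


def is_network_exposed(bound_addr: str) -> bool:
    """True when a listener on bound_addr accepts connections from other hosts."""
    return bound_addr.strip("[]") in WILDCARD_ADDRS


@dataclass
class Listener:
    addr: str
    port: int
    exposed: bool


def parse_ss_listeners(ss_output: str) -> list[Listener]:
    """Parse `ss -ltn`-style lines (header line tolerated) into Listener records.

    Only the State and Local Address:Port columns are used; IPv6 addresses
    arrive bracketed ([::]:22) and are unbracketed here.
    """
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]")
        listeners.append(Listener(addr, int(port), is_network_exposed(addr)))
    return listeners


def exposed_ports(ss_output: str, watch_ports: set[int]) -> list[int]:
    """Ports from watch_ports that are listening on a wildcard address."""
    return sorted(l.port for l in parse_ss_listeners(ss_output)
                  if l.exposed and l.port in watch_ports)


# Constructed sample in the shape of `ss -ltn`. 9222 and 9223 are placeholder
# relay ports; the advisory does not name OpenClaw's actual port.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:9222        0.0.0.0:*
LISTEN 0      128    127.0.0.1:9223      0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    [::1]:631           [::]:*
"""

if __name__ == "__main__":
    for label, listen_addr in (("vulnerable default", "0.0.0.0"),
                               ("fixed (loopback only)", "127.0.0.1")):
        sock, addr, port = bind_relay(listen_addr)
        print(f"{label}: bound {addr}:{port}, reachable from the network: "
              f"{is_network_exposed(addr)}")
        sock.close()
    print("wildcard-bound relay ports:", exposed_ports(SAMPLE_SS, {9222, 9223}))
```

Run against real `ss -ltn` output, `exposed_ports` returns the audited ports that are still reachable from other hosts; an empty list for the relay port is the post-upgrade state the advisory's fix is meant to produce.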

This vulnerability is reminiscent of how DevTools exposure in other products has led to serious compromise. For comparison, Google has addressed Chrome zero-days exploited in the wild and Chrome extensions that escalate privileges. Additionally, threat actors such as APT41-linked Silver Dragon have leveraged exposed browser interfaces for initial access.

Security Insight

CVE-2026-43581 is a textbook example of an insecure default binding: the product’s sandbox isolation relies on network-layer separation, but a single configurable binding address bypasses that entire security model. For security teams, this underscores that any component binding to 0.0.0.0 should be treated as a network-accessible service and subjected to the same access controls as a public-facing server. A better architectural pattern would be to bind CDP only to a Unix domain socket or named pipe, eliminating the network attack surface entirely.
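As an added example (not OpenClaw's code), the Unix domain socket pattern suggested above: the relay listens on a filesystem path created with owner-only permissions instead of a TCP port, so there is no network address for an adjacent host to reach, and the kernel's file permission check replaces any firewall rule. The socket file name `cdp-relay.sock` is hypothetical; the echo handler stands in for the relay's real protocol handling.

```python
import os
import socket
import stat
import tempfile
import threading


def listen_on_unix_socket(path: str) -> socket.socket:
    """Create a listening AF_UNIX socket file at `path` with mode 0600.

    The umask is narrowed before bind() so the socket file never exists
    with wider permissions, then restored. Only the owning user (and root)
    can connect; there is no TCP port for another host to reach.
    """
    if os.path.exists(path):
        os.unlink(path)
    old_umask = os.umask(0o177)
    try:
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)
    finally:
        os.umask(old_umask)
    server.listen(1)
    return server


def socket_file_mode(path: str) -> int:
    """Permission bits of the socket file, e.g. 0o600."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def _echo_once(server: socket.socket) -> None:
    # Stand-in for the relay: answer one client with whatever it sent.
    conn, _ = server.accept()
    with conn:
        conn.sendall(conn.recv(1024))


def local_roundtrip(path: str, payload: bytes) -> bytes:
    """Serve on `path`, connect as a same-host client, return the echoed bytes."""
    server = listen_on_unix_socket(path)
    worker = threading.Thread(target=_echo_once, args=(server,))
    worker.start()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(path)
        client.sendall(payload)
        reply = client.recv(1024)
    worker.join()
    server.close()
    os.unlink(path)
    return reply


def demo_socket_mode() -> int:
    """Create the socket in a fresh private directory and report its file mode."""
    workdir = tempfile.mkdtemp()  # mkdtemp creates the directory with mode 0700
    path = os.path.join(workdir, "cdp-relay.sock")  # hypothetical socket name
    server = listen_on_unix_socket(path)
    try:
        return socket_file_mode(path)
    finally:
        server.close()
        os.unlink(path)
        os.rmdir(workdir)


def demo_roundtrip(payload: bytes) -> bytes:
    """Exercise a full connect/send/receive over the socket in a temp directory."""
    workdir = tempfile.mkdtemp()
    try:
        return local_roundtrip(os.path.join(workdir, "cdp-relay.sock"), payload)
    finally:
        os.rmdir(workdir)


if __name__ == "__main__":
    print(f"socket file mode: {demo_socket_mode():o}")
    print("echo over unix socket:", demo_roundtrip(b"ping"))
```

Placing the socket in a 0700 directory as well as giving the file itself 0600 means both the directory traversal and the connect are refused for other local users; the same isolation cannot be expressed with a TCP bind address at all.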
