CVE-2026-28395 Overview
CVE-2026-28395 is an improper network binding vulnerability affecting OpenClaw versions from 2026.1.14-1 up to, but not including, 2026.2.12. The flaw lies in the Chrome extension relay server component, which incorrectly treats wildcard hosts as loopback addresses. When a wildcard cdpUrl is configured, the relay HTTP/WebSocket server binds to all network interfaces instead of restricting itself to localhost, exposing internal services to remote attackers.
Critical Impact
Remote attackers can access relay HTTP endpoints off-host to leak service presence and port information, or conduct denial-of-service and brute-force attacks against the relay token header.
Affected Products
- OpenClaw versions from 2026.1.14-1 up to, but not including, 2026.2.12
- OpenClaw Chrome Extension (when installed and enabled)
- Systems with wildcard cdpUrl configuration
Discovery Timeline
- 2026-03-05 - CVE-2026-28395 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28395
Vulnerability Analysis
This vulnerability is classified under CWE-1327 (Binding to an Unrestricted IP Address), which occurs when a server binds to a network address that allows connections from hosts on any network interface. In the case of CVE-2026-28395, the OpenClaw Chrome extension relay server fails to properly validate wildcard host configurations, causing the HTTP and WebSocket services to become accessible from external network interfaces.
The vulnerability requires the Chrome extension to be installed and enabled, along with a misconfigured wildcard cdpUrl setting. When these conditions are met, internal relay endpoints that should only be accessible locally become exposed to the network, creating multiple attack surfaces for information disclosure and service disruption.
Root Cause
The root cause lies in the relay server's host validation logic, which improperly interprets wildcard host patterns as equivalent to loopback addresses (127.0.0.1 or localhost). This logic flaw causes the server to bind to 0.0.0.0 instead of the intended loopback interface when wildcard configurations are used. The fix introduces centralized utility functions including isLoopbackHost to properly distinguish between wildcard patterns and legitimate loopback addresses.
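The classification mistake described above, as an added example that is neither OpenClaw's code nor the actual patch: a simplified reconstruction in which isLoopbackHost (the only name taken from the advisory) rejects wildcard spellings, shown beside the assumed pre-fix check that accepted them. The bracket handling for IPv6 literals and the relayBindHost helper are assumptions about the shape of the logic, not the project's API.

```typescript
// Added example, not OpenClaw's own code: a simplified reconstruction of the host check
// behind CVE-2026-28395. Only the name isLoopbackHost comes from the advisory.

/** Lower-case the host and strip the brackets of an IPv6 literal such as "[::1]". */
function normalizeHost(host: string): string {
  const h = host.trim().toLowerCase();
  return h.startsWith("[") && h.endsWith("]") ? h.slice(1, -1) : h;
}

/** Wildcard ("bind every interface") spellings: the opposite of loopback. */
function isWildcardHost(host: string): boolean {
  const h = normalizeHost(host);
  return h === "*" || h === "" || h === "0.0.0.0" || h === "::";
}

/** Hardened check: true only for addresses that never leave the machine. */
function isLoopbackHost(host: string): boolean {
  const h = normalizeHost(host);
  if (h === "localhost" || h === "::1") return true;
  // All of 127.0.0.0/8 is loopback, not only 127.0.0.1.
  return /^127\.(?:\d{1,3}\.){2}\d{1,3}$/.test(h);
}

/** Assumed shape of the pre-fix logic: a wildcard passes as if it were "local". */
function isLocalHostBuggy(host: string): boolean {
  return isLoopbackHost(host) || isWildcardHost(host);
}

/**
 * Pick the address the relay should listen on from the host named in cdpUrl (hypothetical
 * helper). Both variants refuse hosts they judge non-local; the difference is solely in
 * what counts as local. A wildcard that slips through ends up as a bind on 0.0.0.0.
 */
function relayBindHost(cdpHost: string, patched: boolean): string {
  const local = patched ? isLoopbackHost(cdpHost) : isLocalHostBuggy(cdpHost);
  if (!local) throw new Error(`cdpUrl host is not loopback: ${cdpHost}`);
  return isWildcardHost(cdpHost) ? "0.0.0.0" : normalizeHost(cdpHost);
}

for (const host of ["127.0.0.1", "[::1]", "*", "0.0.0.0", "[::]", "192.168.1.10"]) {
  const show = (patched: boolean) => { try { return relayBindHost(host, patched); } catch { return "rejected"; } };
  console.log(`${host.padEnd(13)} before fix: ${show(false).padEnd(9)} after fix: ${show(true)}`);
}
```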
Attack Vector
The attack vector is network-based, requiring no authentication or user interaction. An attacker on the same network or with network access to the vulnerable system can:
- Probe for exposed relay HTTP endpoints to enumerate service presence
- Discover open ports and gather reconnaissance information
- Conduct denial-of-service attacks by overwhelming the relay server
- Perform brute-force attacks against the relay token authentication header
// Security patch in src/agents/cli-runner/helpers.ts - refactor: centralize isPlainObject, isRecord, isErrno, isLoopbackHost utilities
import type { EmbeddedContextFile } from "../pi-embedded-helpers.js";
import { runExec } from "../../process/exec.js";
import { buildTtsSystemPromptHint } from "../../tts/tts.js";
-import { escapeRegExp } from "../../utils.js";
+import { escapeRegExp, isRecord } from "../../utils.js";
import { resolveDefaultModelForAgent } from "../model-selection.js";
import { detectRuntimeShell } from "../shell-utils.js";
import { buildSystemPromptParams } from "../system-prompt-params.js";
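Review bot: the only visible change is widening the import from ../../utils.js to `escapeRegExp, isRecord`, but the hunk does not show the local isRecord definition in helpers.ts being removed; confirm it is deleted in the same commit, otherwise the local declaration shadows the centralized one and the refactor has no effect in this file. The commit title also names isPlainObject, isErrno and isLoopbackHost, none of which appear here; check that isLoopbackHost in particular lands in the shared utils module, since the relay fix depends on a single host-validation path.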
Source: GitHub Commit Update
// Security patch in src/browser/extension-relay.ts - fix: secure chrome extension relay cdp
+import type { IncomingMessage } from "node:http";
import type { AddressInfo } from "node:net";
import type { Duplex } from "node:stream";
+import { randomBytes } from "node:crypto";
import { createServer } from "node:http";
import WebSocket, { WebSocketServer } from "ws";
import { rawDataToString } from "../infra/ws.js";
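Review bot: `randomBytes` and `IncomingMessage` are imported but their use is outside this hunk; where the relay token is derived from randomBytes, generate at least 32 bytes and compare the presented header against it with crypto.timingSafeEqual rather than `===`, so the check on the IncomingMessage does not leak timing, and note that the token only authenticates callers, it does not undo a non-loopback bind, so the isLoopbackHost enforcement on the listen address must stay independent of it. Minor style: the new `node:crypto` value import sits between the `node:stream` type import and `node:http`; keep the node: imports grouped as the existing ones are.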
Source: GitHub Commit Fix
Detection Methods for CVE-2026-28395
Indicators of Compromise
- Unexpected network connections to the Chrome extension relay server from non-localhost addresses
- Relay HTTP/WebSocket server listening on 0.0.0.0 instead of 127.0.0.1
- Unusual volume of requests to relay endpoints from external IP addresses
- Failed authentication attempts against the relay token header from remote hosts
Detection Strategies
- Monitor network bindings for services that should only listen on loopback interfaces
- Implement network traffic analysis to detect external connections to internal relay services
- Review OpenClaw configuration files for wildcard cdpUrl patterns
- Use port scanning detection to identify reconnaissance activity targeting relay endpoints
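The binding check in the first two strategies, as an added example that is not OpenClaw tooling: it parses `ss -tlnp` output and reports listeners of a named process that are bound anywhere other than loopback. The sample socket table, process name and port numbers are constructed; only the 0.0.0.0-versus-127.0.0.1 distinction comes from the advisory.

```typescript
// Added example, not OpenClaw's own tooling: audit `ss -tlnp` output for relay listeners
// bound to a non-loopback address. Sample rows below are constructed.

interface Listener { local: string; port: number; process: string; line: string; }

/** Parse one `ss -tlnp` LISTEN row; returns null for the header and anything else. */
function parseSsLine(line: string): Listener | null {
  const cols = line.trim().split(/\s+/);
  if (cols[0] !== "LISTEN" || cols.length < 5) return null;
  const m = /^(.*):(\d+)$/.exec(cols[3]);            // "Local Address:Port" column
  if (!m) return null;
  const proc = /users:\(\("([^"]+)"/.exec(line)?.[1] ?? "";
  return { local: m[1], port: Number(m[2]), process: proc, line };
}

/** Loopback as it appears in the socket table: 127.0.0.0/8, ::1 or bracketed [::1]. */
function isLoopbackAddr(addr: string): boolean {
  const a = addr.startsWith("[") && addr.endsWith("]") ? addr.slice(1, -1) : addr;
  return a === "::1" || /^127\.(?:\d{1,3}\.){2}\d{1,3}$/.test(a);
}

/** Listeners whose process name matches and whose bind address is not loopback. */
function findExposedListeners(ssOutput: string, processPattern: RegExp): Listener[] {
  return ssOutput.split("\n")
    .map(parseSsLine)
    .filter((l): l is Listener => l !== null && processPattern.test(l.process) && !isLoopbackAddr(l.local));
}

// Constructed sample: one correctly bound relay, one on 0.0.0.0, one on the IPv6 wildcard
// "*", and an unrelated sshd listener that must not be reported.
const SAMPLE_SS_OUTPUT = `
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      511    127.0.0.1:18792     0.0.0.0:*         users:(("openclaw",pid=4242,fd=20))
LISTEN 0      511    0.0.0.0:18793       0.0.0.0:*         users:(("openclaw",pid=4242,fd=21))
LISTEN 0      511    *:18794             *:*               users:(("openclaw",pid=4242,fd=22))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
`;

function auditSample(): Listener[] {
  return findExposedListeners(SAMPLE_SS_OUTPUT, /openclaw/);
}

for (const l of auditSample()) {
  console.log(`ALERT: ${l.process} listening on ${l.local}:${l.port} (expected loopback only)`);
}
```

On a live host, feed the output of `ss -tlnp` (or `netstat -tlnp`, whose Local Address column has the same shape) into findExposedListeners with the relay's process name.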
Monitoring Recommendations
- Configure alerts for any relay server binding events on non-loopback interfaces
- Implement logging for all authentication failures against relay token headers
- Monitor for port enumeration attempts originating from external networks
- Track unexpected increases in relay endpoint request volume
How to Mitigate CVE-2026-28395
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.12 or later immediately
- Review and remove any wildcard cdpUrl configurations from your OpenClaw settings
- Verify the Chrome extension relay server is binding only to loopback addresses
- Implement network segmentation to isolate systems running vulnerable versions
Patch Information
The vulnerability has been addressed through two security commits. The primary fix (commit a1e89afcc19efd641c02b24d66d689f181ae2b5c) secures the Chrome extension relay CDP handling by properly validating host bindings and implementing cryptographic token generation. A supporting refactoring commit (8d75a496bf5aaab1755c56cf48502d967c75a1d0) centralizes utility functions including isLoopbackHost for consistent host validation throughout the codebase.
For detailed patch information, refer to the GitHub Security Advisory GHSA-qw99-grcx-4pvm and the VulnCheck Advisory.
Workarounds
- Explicitly configure cdpUrl to use 127.0.0.1 or localhost instead of wildcard patterns
- Use firewall rules to block external access to relay server ports
- Disable the Chrome extension when not actively required
- Implement network-level access controls to restrict connections to the relay server
# Configuration example: cdpUrl must name a loopback address, never a wildcard
#   instead of:  cdpUrl: "*"
#   use:         cdpUrl: "127.0.0.1"   (or cdpUrl: "localhost")
# Verify relay server binding (should show 127.0.0.1, not 0.0.0.0)
netstat -tlnp | grep openclaw
# Block external access to relay ports via firewall
iptables -A INPUT -p tcp --dport <relay_port> ! -s 127.0.0.1 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

