CVE-2026-28485 Overview
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context actions and access sensitive in-session data by sending requests to unauthenticated endpoints.
Critical Impact
Unauthorized access to browser control endpoints enables attackers to execute privileged browser-context operations and exfiltrate sensitive session data without any authentication requirements.
Affected Products
- OpenClaw versions 2026.1.5 through 2026.2.11
- OpenClaw browser control service with exposed HTTP endpoints
- Systems running OpenClaw with local network accessibility
Discovery Timeline
- 2026-03-05 - CVE CVE-2026-28485 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28485
Vulnerability Analysis
This vulnerability is classified as CWE-306 (Missing Authentication for Critical Function). The OpenClaw browser control service exposes HTTP endpoints that handle privileged browser operations without implementing proper authentication checks. The /agent/act route accepts requests from any local caller, whether from the network or local processes, without validating credentials or tokens.
The lack of authentication creates a significant security gap where any process or network peer with access to the service endpoint can invoke browser automation actions. This includes operations that may access sensitive data within browser sessions, manipulate page content, or perform actions on behalf of authenticated users.
Root Cause
The root cause lies in the browser control HTTP service implementation, which originally lacked an authentication layer for incoming requests. The src/browser/client-fetch.ts module processed control requests without first validating that the caller possessed valid credentials. The authentication configuration and token resolution logic was entirely absent from the control flow.
Attack Vector
The attack vector is local, requiring the attacker to have access to the local network or execute code on the same system where OpenClaw is running. An attacker can craft HTTP requests to the browser control endpoints to:
- Execute arbitrary browser actions within the context of active sessions
- Access and exfiltrate sensitive in-session data
- Manipulate browser state and content without authorization
The patch introduces a new authentication module that enforces credential validation:
import crypto from "node:crypto";
import type { OpenClawConfig } from "../config/config.js";
import { loadConfig, writeConfigFile } from "../config/config.js";
import { resolveGatewayAuth } from "../gateway/auth.js";
export type BrowserControlAuth = {
token?: string;
password?: string;
};
export function resolveBrowserControlAuth(
cfg: OpenClawConfig | undefined,
env: NodeJS.ProcessEnv = process.env,
): BrowserControlAuth {
const auth = resolveGatewayAuth({
authConfig: cfg?.gateway?.auth,
env,
tailscaleMode: cfg?.gateway?.tailscale?.mode,
});
const token = typeof auth.token === "string" ? auth.token.trim() : "";
const password = typeof auth.password === "string" ? auth.password.trim() : "";
return {
token: token || undefined,
password: password || undefined,
};
}
function shouldAutoGenerateBrowserAuth(env: NodeJS.ProcessEnv): boolean {
const nodeEnv = (env.NODE_ENV ?? "").trim().toLowerCase();
if (nodeEnv === "test") {
Source: GitHub Commit Changes
Detection Methods for CVE-2026-28485
Indicators of Compromise
- Unexpected HTTP requests to /agent/act or browser control endpoints from unknown sources
- Unauthenticated access attempts logged in OpenClaw service logs
- Anomalous browser automation activity or session data access patterns
- Network traffic to browser control ports from unauthorized local addresses
Detection Strategies
- Monitor network traffic for HTTP requests to browser control endpoints lacking authentication headers
- Implement logging for all requests to the /agent/act route and alert on missing token/password parameters
- Review process execution logs for unexpected local processes communicating with OpenClaw services
- Deploy host-based intrusion detection to identify unauthorized local network connections
Monitoring Recommendations
- Enable verbose logging for the OpenClaw browser control service
- Configure alerting for failed authentication attempts once patched
- Monitor for lateral movement indicators on systems running OpenClaw
- Audit local firewall rules to ensure browser control ports are not unnecessarily exposed
How to Mitigate CVE-2026-28485
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.12 or later immediately
- Restrict network access to browser control HTTP endpoints using firewall rules
- Audit systems for signs of unauthorized browser control endpoint access
- Review and rotate any sensitive credentials that may have been exposed through browser sessions
Patch Information
The security fix has been committed to the OpenClaw repository. The patch introduces the resolveBrowserControlAuth function in src/browser/control-auth.ts and integrates authentication requirements into the src/browser/client-fetch.ts module. Organizations should update to version 2026.2.12 or apply the patch from commit 9230a2ae14307740a13ada7afd6dcfab34e0287f.
For detailed information, refer to the GitHub Security Advisory and VulnCheck Advisory.
Workarounds
- Implement network-level access controls to restrict browser control endpoint accessibility to trusted sources only
- Use firewall rules to block external access to the browser control service ports
- Run OpenClaw in isolated network segments where only authorized processes can reach the service
- Consider disabling the browser control HTTP service if not required for operations
# Configuration example - Restrict access to browser control service
# Add firewall rule to limit access to localhost only
iptables -A INPUT -p tcp --dport <openclaw-control-port> ! -s 127.0.0.1 -j DROP
# Alternatively, configure OpenClaw to bind only to localhost
# Update config to set gateway.host to 127.0.0.1
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
