CVE-2026-32064 Overview
CVE-2026-32064 is an authentication bypass vulnerability in OpenClaw versions prior to 2026.2.21. The sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, so the VNC interface accepts any client. An attacker who can reach the host loopback interface (a local user, or a process such as a compromised service or container on the same host) can connect to the exposed noVNC port and observe or interact with the sandbox browser without credentials.
Critical Impact
An unauthenticated attacker with access to the host loopback interface can watch and drive sandbox browser sessions. Anything the sandboxed browser displays or types (page content, session cookies, tokens, credentials) is exposed, and the attacker can perform actions through the browser session as if they were the legitimate observer.
Affected Products
- OpenClaw versions prior to 2026.2.21
- OpenClaw Node.js package (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*)
Discovery Timeline
- 2026-03-21 - CVE-2026-32064 published to NVD
- 2026-03-24 - Last updated in NVD database
Technical Details for CVE-2026-32064
Vulnerability Analysis
This vulnerability stems from a missing authentication mechanism (CWE-306) in OpenClaw's sandbox browser implementation. When noVNC observer sessions are enabled, the x11vnc process is launched without password protection, creating an open VNC interface that accepts connections without credential verification. The vulnerability exists in the sandbox browser entrypoint script, which configures the VNC server for remote viewing capabilities but fails to enforce authentication requirements.
The local attack vector means that exploitation requires access to the host's loopback interface, which could be achieved by attackers who have compromised another service on the same host or have local access to the system. Once connected, an attacker can observe all browser activity within the sandbox, potentially capturing sensitive information such as authentication tokens, credentials, or confidential data being processed.
Root Cause
The root cause lies in the sandbox-browser-entrypoint.sh script, which started x11vnc with no password option. Before the fix the script had no notion of a noVNC password at all: the environment variable OPENCLAW_BROWSER_NOVNC_PASSWORD (and its legacy alias CLAWDBOT_BROWSER_NOVNC_PASSWORD) was introduced by the patch, so an operator had no supported way to require credentials, and the observer interface accepted any connection arriving on the loopback port.
Attack Vector
An attacker with access to the host loopback interface can exploit this vulnerability by:
- Identifying the exposed noVNC port on the target system
- Connecting directly to the VNC interface without providing credentials
- Observing real-time sandbox browser activity or interacting with the browser session
- Capturing sensitive data displayed or processed within the sandbox environment
The following fragment of the patch reads the new password variable, with the legacy CLAWDBOT_ name as a fallback and an empty string as the default:
ENABLE_NOVNC="${OPENCLAW_BROWSER_ENABLE_NOVNC:-${CLAWDBOT_BROWSER_ENABLE_NOVNC:-1}}"
HEADLESS="${OPENCLAW_BROWSER_HEADLESS:-${CLAWDBOT_BROWSER_HEADLESS:-0}}"
ALLOW_NO_SANDBOX="${OPENCLAW_BROWSER_NO_SANDBOX:-${CLAWDBOT_BROWSER_NO_SANDBOX:-0}}"
+NOVNC_PASSWORD="${OPENCLAW_BROWSER_NOVNC_PASSWORD:-${CLAWDBOT_BROWSER_NOVNC_PASSWORD:-}}"
mkdir -p "${HOME}" "${HOME}/.chrome" "${XDG_CONFIG_HOME}" "${XDG_CACHE_HOME}"
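Review bot: the added NOVNC_PASSWORD line defaults to an empty string, so with neither variable set the script is in exactly the pre-fix state, and this hunk does not show what the entrypoint does with an empty value further down. If x11vnc is simply started without a password option in that case, the unauthenticated listener survives silently; the default should fail closed, for example `if [ "$ENABLE_NOVNC" = "1" ] && [ -z "$NOVNC_PASSWORD" ]; then echo "noVNC enabled but no password set" >&2; exit 1; fi`, or at least emit a loud warning. When the value is non-empty, prefer handing it to x11vnc through -passwdfile or -rfbauth rather than -passwd on the command line, since command lines are visible in ps to every local user, which is the same population this CVE is about.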
Source: GitHub Commit Update
The TypeScript sandbox module was also updated; the visible part of the change imports a helper for reading an environment variable from a container:
buildSandboxCreateArgs,
dockerContainerState,
execDocker,
+ readDockerContainerEnvVar,
readDockerContainerLabel,
readDockerPort,
} from "./docker.js";
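Review bot: readDockerContainerEnvVar is added to the import list but nothing in this hunk uses it, so the call site needs to be reviewed on its own. If it is used to read OPENCLAW_BROWSER_NOVNC_PASSWORD back out of the running container's environment, keep in mind that container environment values are also readable by anyone who can run docker inspect against the Docker socket, which on most hosts is a broader population than the noVNC listener was meant to trust; storing the password only in a file mounted into the container avoids that exposure.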
Source: GitHub Commit Update
Detection Methods for CVE-2026-32064
Indicators of Compromise
- Connections to the x11vnc RFB port on loopback from any process other than the expected noVNC/websockify proxy
- A second VNC client attached to the same x11vnc instance alongside the legitimate observer
- Connections to the x11vnc RFB port (5900 by default, 5900 plus the display number otherwise) or to the port websockify serves noVNC on, from unexpected users or at unexpected times
- x11vnc logs each accepted client connection; entries in those logs that do not match an operator-initiated observer session
Detection Strategies
- Probe the listener: a server whose RFB SecurityTypes reply offers type None (1) accepts clients without credentials, while a correctly configured patched server offers VNC Authentication (2) only
- Capture RFB traffic on loopback when you need a record of who connected (for example tcpdump -i lo port 5900) and correlate it with the owning process via ss -tnp
- Review OpenClaw sandbox logs for observer session activity that no operator initiated
- Use endpoint detection tooling to flag processes other than the noVNC proxy opening connections to the VNC port
Monitoring Recommendations
- Enable logging for all VNC and noVNC connection attempts (x11vnc -o logfile writes its own connection log)
- Alert on connections to sandbox services that arrive without an authentication handshake
- Monitor process command lines for x11vnc instances started with no authentication option (none of -passwd, -rfbauth, -passwdfile, -usepw, -unixpw) or with -nopw
- Regularly audit listeners on loopback (ss -ltnp) so an exposed VNC or websockify port does not go unnoticed
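The checks above can be scripted. The following Python is an added example, not OpenClaw's code: it decodes the RFB SecurityTypes message to tell an open x11vnc from a password-protected one, lists LISTEN sockets bound to loopback from /proc/net/tcp, classifies an x11vnc command line by its authentication options, and includes a live probe for a VNC port. The /proc/net/tcp excerpt and the RFB bytes fed to it are constructed for illustration; port 6080 is assumed to be where websockify serves noVNC.

```python
"""Added example for CVE-2026-32064 (not OpenClaw's code; sample inputs are
constructed).  Offline-testable helpers plus one live RFB probe:
  - parse/classify the RFB SecurityTypes message (type 1 "None" == no auth)
  - find LISTEN sockets bound to 127.0.0.0/8 in /proc/net/tcp text
  - decide whether an x11vnc command line carries any auth option
  - probe_vnc(): run the RFB handshake against a port on loopback
"""
import shlex
import socket

RFB_SEC_NONE = 1     # RFB security type "None": server wants no credentials
RFB_SEC_VNCAUTH = 2  # classic VNC challenge/response

# x11vnc options that enable some form of client authentication.
X11VNC_AUTH_FLAGS = {"-passwd", "-rfbauth", "-passwdfile", "-usepw", "-unixpw"}


def parse_rfb_security_types(payload: bytes) -> list[int]:
    """Decode the SecurityTypes message an RFB 3.7+ server sends right after
    the ProtocolVersion exchange: U8 count, then `count` U8 type codes.
    count == 0 means the server refused; a U32 length + reason string follows."""
    if not payload:
        raise ValueError("empty SecurityTypes message")
    count = payload[0]
    if count == 0:
        rlen = int.from_bytes(payload[1:5], "big")
        reason = payload[5:5 + rlen].decode("latin-1", "replace")
        raise ConnectionError(f"server refused connection: {reason}")
    if len(payload) < 1 + count:
        raise ValueError("truncated SecurityTypes message")
    return list(payload[1:1 + count])


def classify_security_types(payload: bytes) -> str:
    """'open' if type None is offered (the vulnerable condition), 'auth' if every
    offered type needs credentials, 'refused' if the server rejected us."""
    try:
        types = parse_rfb_security_types(payload)
    except ConnectionError:
        return "refused"
    return "open" if RFB_SEC_NONE in types else "auth"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf


def probe_vnc(host: str = "127.0.0.1", port: int = 5900, timeout: float = 3.0) -> str:
    """Live check (not exercised offline): returns 'open', 'auth' or 'refused'.
    Speaks RFB 3.8; a 3.3 server answers with a single U32 security type."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = _recv_exact(s, 12)              # e.g. b"RFB 003.008\n"
        if not banner.startswith(b"RFB "):
            raise ValueError(f"not an RFB server: {banner!r}")
        s.sendall(b"RFB 003.008\n")
        if banner[4:11] < b"003.007":            # RFB 3.3: U32 type, 0 = refused
            sec = int.from_bytes(_recv_exact(s, 4), "big")
            return "refused" if sec == 0 else ("open" if sec == RFB_SEC_NONE else "auth")
        head = _recv_exact(s, 1)
        if head == b"\x00":                      # refusal: U32 length + reason
            rlen = _recv_exact(s, 4)
            return classify_security_types(head + rlen + _recv_exact(s, int.from_bytes(rlen, "big")))
        return classify_security_types(head + _recv_exact(s, head[0]))


def loopback_listeners(proc_net_tcp: str) -> list[int]:
    """Ports in LISTEN state (st == 0A) bound to 127.0.0.0/8, parsed from
    /proc/net/tcp text.  local_address is hex IPv4 in host byte order, ':',
    hex port; the byte reversal below assumes a little-endian host."""
    ports = []
    for line in proc_net_tcp.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        ip_hex, port_hex = fields[1].split(":")
        ip = bytes.fromhex(ip_hex)[::-1]
        if ip[0] == 127:
            ports.append(int(port_hex, 16))
    return ports


def x11vnc_has_auth(cmdline: str) -> bool:
    """True if an x11vnc command line (as printed by `ps -o args=`) includes
    any authentication option; -nopw or no option at all means open."""
    argv = shlex.split(cmdline)
    return any(arg in X11VNC_AUTH_FLAGS for arg in argv)


# Constructed /proc/net/tcp excerpt: sshd on 0.0.0.0:22, plus two loopback
# listeners on 5900 (x11vnc) and 6080 (assumed websockify/noVNC port).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:170C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:17C0 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 100 0 0 10 0
"""

if __name__ == "__main__":
    print(loopback_listeners(SAMPLE_PROC_NET_TCP))                              # [5900, 6080]
    print(classify_security_types(b"\x01\x01"))                                 # open
    print(x11vnc_has_auth("x11vnc -display :99 -forever -shared -localhost"))   # False
```

On a real host, feed loopback_listeners() the contents of /proc/net/tcp, run probe_vnc() against each port it returns that answers with an RFB banner, and pass the output of ps -o args= -C x11vnc to x11vnc_has_auth(); an "open" probe result or a command line with no auth option is the vulnerable configuration.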
How to Mitigate CVE-2026-32064
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.21 or later
- If you cannot upgrade immediately, disable noVNC observer sessions by setting OPENCLAW_BROWSER_ENABLE_NOVNC=0 (the legacy CLAWDBOT_BROWSER_ENABLE_NOVNC name is also honoured, as the patch fragment above shows)
- Audit systems for evidence of unauthorized VNC access
- Review which local users, services and containers can reach the host loopback interface; loopback is not reachable from the network, so the relevant population is everything running on the host
Patch Information
OpenClaw has released security patches to address this vulnerability. The fix adds password authentication for noVNC observer sessions, configured through the OPENCLAW_BROWSER_NOVNC_PASSWORD environment variable (CLAWDBOT_BROWSER_NOVNC_PASSWORD as the legacy fallback). Upgrade to version 2026.2.21 or later, or apply the security commits directly. Note that classic VNC authentication, which x11vnc uses for -passwd and -rfbauth passwords, only checks the first eight characters of the password, so treat the password as a gate against opportunistic connections rather than a substitute for restricting local access to the port.
For detailed patch information, refer to the GitHub Security Advisory and the related commits:
Workarounds
- Disable noVNC observer functionality entirely until patching is possible
- Restrict which local principals can reach the VNC and websockify ports on loopback, for example with iptables owner-match rules (-m owner --uid-owner) on the OUTPUT chain, or by running the sandbox and its proxy in their own network namespace so the listener is not on the host's loopback at all
- Make sure x11vnc is bound to loopback only (its -localhost option) so the exposure does not extend to other interfaces
# Disable noVNC observer sessions temporarily
export OPENCLAW_BROWSER_ENABLE_NOVNC=0
# Or set a strong password (requires patched version)
export OPENCLAW_BROWSER_NOVNC_PASSWORD="your-secure-password-here"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.