LeakyCreds

CVE-2026-43575 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: May 6, 2026

OpenClaw - Authentication Bypass

Published: May 6, 2026 | Updated: May 6, 2026 | Remote Exploitable

Overview

OpenClaw versions from 2026.2.21 and before 2026.4.10 contain an authentication bypass: the sandbox noVNC helper route lacks bridge authentication, which lets attackers gain unauthorized access to interactive browser session credentials. Exploitation requires no bridge authentication.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Attackers can gain unauthorized access to interactive browser sessions, potentially compromising sensitive session data.

Mitigation

Upgrade to version 2026.4.10 or later.

Details

CVE ID: CVE-2026-43575
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed

CWE

  • CWE-862

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H