GHSA-jw7v-5mp7-ghgmMediumCVSS 8.5

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that...

Published
July 14, 2026
Last Modified
July 14, 2026

🔗 CVE IDs covered (1)

📋 Description

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled.

🔗 References (4)