This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**CWE-862**: Missing Authorization.
**Flaw**: The noVNC helper route does not verify the user's identity before granting access; it trusts the request blindly.
Q3 Who is affected? (Versions/Components)
**Vendor**: OpenClaw.
**Affected**: Versions **before 2026.4.10**.
**Includes**: Version 2026.2.21 and all prior releases.
Q4 What can attackers do? (Privileges/Data)
**Privileges**: Unauthorized access to sandboxed browser sessions.
**Data**: Full visibility of the interactive browser UI, with potential credential theft from exposed sessions.
Q5 Is the exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**.
**Auth**: None required.
**Config**: Network accessible (CVSS AV:N). No user interaction needed (UI:N). Easy remote exploitation.
Q6 Is there a public exploit? (PoC/Wild Exploitation)
**Public exploit**: No PoC listed in the data.
**Wild exploitation**: Unconfirmed.
**Note**: A VulnCheck advisory exists, but a code-level exploit is not public yet.
Q7 How to self-check? (Features/Scanning)
**Check**: Scan for OpenClaw instances.
**Test**: Attempt direct access to the noVNC helper routes without authentication tokens.
**Indicator**: Look for version strings < 2026.4.10.
Q8 Is it fixed officially? (Patch/Mitigation)
**Fixed**: Yes.
**Patch**: Version **2026.4.10** or later.
**Ref**: GitHub Security Advisory GHSA-92jp-89mq-4374. Commit 8dfbf32 fixes it.
Q9 What if no patch? (Workaround)
**Workaround**: Isolate the sandbox network.
**Block**: Restrict access to the noVNC helper routes via firewall/WAF.
**Monitor**: Alert on unauthorized access attempts to these endpoints.