CVE-2026-26327— OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-26327
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs. iOS and macOS used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL. iOS and Android allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin. On a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection. As of time of publication, the iOS and Android apps are alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN. Version 2026.2.14 fixes the issue. Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints. Discovery-provided fingerprints no longer override stored TLS pins. In iOS/Android, first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU) and discovery-based direct connects are TLS-only. In Android, hostname verification is no longer globally disabled (only bypassed when pinning).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数据真实性的验证不充分
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是openclaw开源的一个智能人工助理。 OpenClaw 2026.2.14之前版本存在数据伪造问题漏洞,该漏洞源于发现信标中的TXT记录未经身份验证,某些客户端将TXT值视为权威的路由/固定输入,在共享/不受信任的LAN上,攻击者可发布恶意服务,可能导致客户端连接到攻击者控制的端点或接受攻击者证书,从而泄露网关凭据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-26327
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-26327
请登录查看更多情报信息。
Same Patch Batch · openclaw · 2026-02-19 · 22 CVEs total
| CVE-2026-26322 | 7.6 HIGH | OpenClaw Gateway tool allowed unrestricted gatewayUrl override |
| CVE-2026-26316 | 7.5 HIGH | OpenClaw has BlueBubbles webhook auth bypass via loopback proxy trust |
| CVE-2026-26319 | 7.5 HIGH | OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Re |
| CVE-2026-25474 | 7.5 HIGH | OpenClaw has a Telegram webhook request forgery (missing `channels.telegram.webhookSecret` |
| CVE-2026-26321 | 7.5 HIGH | OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension |
| CVE-2026-26324 | 7.5 HIGH | OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reach |
| CVE-2026-26325 | 7.2 HIGH | OpenClaw Node host system.run rawCommand/command mismatch can bypass allowlist/approvals |
| CVE-2026-26317 | 7.1 HIGH | OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation e |
| CVE-2026-26972 | 6.7 MEDIUM | OpenClaw has a Path Traversal in Browser Download Functionality |
| CVE-2026-26328 | 6.5 MEDIUM | OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities |
| CVE-2026-27009 | 5.8 MEDIUM | OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inl |
| CVE-2026-26326 | OpenClaw skills.status could leak secrets to operator.read clients | |
| CVE-2026-26329 | OpenClaw has a path traversal in browser upload allows local file read | |
| CVE-2026-26323 | OpenClaw has a command injection in maintainer clawtributors updater | |
| CVE-2026-27001 | OpenClaw: Unsanitized CWD path injection into LLM prompts | |
| CVE-2026-27002 | OpenClaw: Docker container escape via unvalidated bind mount config injection | |
| CVE-2026-27003 | OpenClaw: Telegram bot token exposure via logs | |
| CVE-2026-27004 | OpenClaw session tool visibility hardening and Telegram webhook secret fallback | |
| CVE-2026-27007 | OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container rec | |
| CVE-2026-27008 | OpenClaw hardened the skill download target directory validation |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: openclaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: openclaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-345
- CVE-2026-42575
apko doesn't verify downloaded apk packages against APKINDEX - CVE-2026-41432
New API: Stripe Webhook Signature Bypass via Empty Secret En - CVE-2026-42206
Roadiz OpenID Connect nonce generated but never validated — - CVE-2026-31835
Vaultwarden WebAuthn credential metadata tampered before sig - CVE-2026-43534
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent H
V. Comments for CVE-2026-26327
No comments yet