CVE-2026-43581: Critical OpenClaw Sandbox Vulnerability Exposes DevTools
The National Vulnerability Database (NVD) has disclosed CVE-2026-43581, a critical improper network binding vulnerability in OpenClaw before version 2026.4.10. This flaw affects the sandbox browser’s Chrome DevTools Protocol (CDP) relay, which is erroneously bound to 0.0.0.0.
This misconfiguration allows attackers to access the DevTools protocol from outside the intended local sandbox boundaries. With a CVSS score of 9.6 (CRITICAL) and a vector of CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, the vulnerability presents a severe risk. Exploitation has a high impact on confidentiality, integrity, and availability and requires neither user interaction nor prior privileges, provided the attacker has network access (AV:A in the vector denotes an adjacent network).
For defenders, this means a directly exposed attack surface. The core issue is an overly broad binding configuration (CWE-1188) that bypasses the sandbox’s isolation. CISOs must understand that an attacker gaining access to DevTools can potentially execute arbitrary code, exfiltrate sensitive data, or manipulate browser behavior, effectively neutralizing the security benefits of the sandbox.
What This Means For You
- If your organization utilizes OpenClaw, immediately verify its version and patch to 2026.4.10 or later to remediate CVE-2026-43581. Audit network configurations to ensure the Chrome DevTools Protocol is not exposed externally, especially on sandbox environments.
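One way to run the audit described above on a Linux host, as an added example (not OpenClaw's code and not part of the original advisory): it decodes the `/proc/net/tcp` socket table and reports TCP listeners bound to the wildcard address. It assumes IPv4 and a little-endian host; the sample table is constructed, and port 9229 is taken from the detection rule on this page because the advisory does not state the relay's port.

```python
import socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 00000000:240D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003
   3: 0F02000A:240D 0502000A:D431 01 00000000:00000000 00:00000000 00000000  1000        0 20004
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def decode_endpoint(field):
    """Turn 'HHHHHHHH:PPPP' into (dotted_ip, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])
    return ip, int(port_hex, 16)


def listeners(table_text):
    """Return (ip, port) for every socket in LISTEN state, skipping the header row."""
    out = []
    for line in table_text.splitlines()[1:]:
        cols = line.split()
        if len(cols) > 3 and cols[3] == TCP_LISTEN:
            out.append(decode_endpoint(cols[1]))
    return out


def exposed_listeners(table_text, ports=None):
    """Listeners bound to the wildcard address, optionally limited to `ports`."""
    return [(ip, port) for ip, port in listeners(table_text)
            if ip == "0.0.0.0" and (ports is None or port in ports)]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:  # not on Linux: fall back to the constructed sample
        text = SAMPLE_PROC_NET_TCP
    for ip, port in exposed_listeners(text):
        print(f"wildcard listener: {ip}:{port} (reachable on every interface)")
```

A loopback-only relay would appear in `listeners()` as `127.0.0.1` and be absent from `exposed_listeners()`; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.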
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
CVE-2026-43581: OpenClaw DevTools Protocol Exposed on 0.0.0.0

```yaml
# Title is quoted because it contains ": ", which a plain YAML scalar cannot hold.
title: "CVE-2026-43581: OpenClaw DevTools Protocol Exposed on 0.0.0.0"
id: scw-2026-05-06-ai-1
status: experimental
level: critical
description: |
  Detects attempts to access the Chrome DevTools Protocol (CDP) exposed on the broad 0.0.0.0 address, which is indicative of the improper network binding vulnerability in OpenClaw (CVE-2026-43581). This allows attackers to potentially gain unauthorized access and control over the sandboxed browser environment.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-43581/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    # Port as given by this rule; the advisory text does not state the relay's port.
    dst_port:
      - 9229
    # 0.0.0.0 is the wildcard bind address from the advisory; connection logs
    # normally record the concrete interface address that was reached instead.
    dst_ip:
      - 0.0.0.0
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-43581 | Misconfiguration | OpenClaw before 2026.4.10 |
| CVE-2026-43581 | Information Disclosure | Sandbox browser CDP relay exposes Chrome DevTools Protocol on 0.0.0.0 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.