CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-26327

OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs. iOS and macOS used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL. iOS and Android allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin. On a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection. As of time of publication, the iOS and Android apps are alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN. Version 2026.2.14 fixes the issue. Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints. Discovery-provided fingerprints no longer override stored TLS pins. In iOS/Android, first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU) and discovery-based direct connects are TLS-only. In Android, hostname verification is no longer globally disabled (only bypassed when pinning).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.1%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2026-26327

Openclaw » Openclaw » Version: 0.1.0

cpe:2.3:a:openclaw:openclaw:0.1.0
Openclaw » Openclaw » Version: 0.1.1

cpe:2.3:a:openclaw:openclaw:0.1.1
Openclaw » Openclaw » Version: 0.1.2

cpe:2.3:a:openclaw:openclaw:0.1.2
Openclaw » Openclaw » Version: 0.1.3

cpe:2.3:a:openclaw:openclaw:0.1.3
Openclaw » Openclaw » Version: 1.0.4

cpe:2.3:a:openclaw:openclaw:1.0.4
Openclaw » Openclaw » Version: 1.1.0

cpe:2.3:a:openclaw:openclaw:1.1.0
Openclaw » Openclaw » Version: 1.2.0

cpe:2.3:a:openclaw:openclaw:1.2.0
Openclaw » Openclaw » Version: 1.2.1

cpe:2.3:a:openclaw:openclaw:1.2.1
Openclaw » Openclaw » Version: 1.2.2

cpe:2.3:a:openclaw:openclaw:1.2.2
Openclaw » Openclaw » Version: 1.3.0

cpe:2.3:a:openclaw:openclaw:1.3.0
Openclaw » Openclaw » Version: 2.0.0

cpe:2.3:a:openclaw:openclaw:2.0.0
Openclaw » Openclaw » Version: 2026.1.10

cpe:2.3:a:openclaw:openclaw:2026.1.10
Openclaw » Openclaw » Version: 2026.1.11

cpe:2.3:a:openclaw:openclaw:2026.1.11
Openclaw » Openclaw » Version: 2026.1.11-1

cpe:2.3:a:openclaw:openclaw:2026.1.11-1
Openclaw » Openclaw » Version: 2026.1.11-2

cpe:2.3:a:openclaw:openclaw:2026.1.11-2
Openclaw » Openclaw » Version: 2026.1.11-3

cpe:2.3:a:openclaw:openclaw:2026.1.11-3
Openclaw » Openclaw » Version: 2026.1.11-4

cpe:2.3:a:openclaw:openclaw:2026.1.11-4
Openclaw » Openclaw » Version: 2026.1.111

cpe:2.3:a:openclaw:openclaw:2026.1.111
Openclaw » Openclaw » Version: 2026.1.112

cpe:2.3:a:openclaw:openclaw:2026.1.112
Openclaw » Openclaw » Version: 2026.1.113

cpe:2.3:a:openclaw:openclaw:2026.1.113
Openclaw » Openclaw » Version: 2026.1.12

cpe:2.3:a:openclaw:openclaw:2026.1.12
Openclaw » Openclaw » Version: 2026.1.12-1

cpe:2.3:a:openclaw:openclaw:2026.1.12-1
Openclaw » Openclaw » Version: 2026.1.12-2

cpe:2.3:a:openclaw:openclaw:2026.1.12-2
Openclaw » Openclaw » Version: 2026.1.122

cpe:2.3:a:openclaw:openclaw:2026.1.122
Openclaw » Openclaw » Version: 2026.1.13

cpe:2.3:a:openclaw:openclaw:2026.1.13
Openclaw » Openclaw » Version: 2026.1.14-1

cpe:2.3:a:openclaw:openclaw:2026.1.14-1
Openclaw » Openclaw » Version: 2026.1.141

cpe:2.3:a:openclaw:openclaw:2026.1.141
Openclaw » Openclaw » Version: 2026.1.15

cpe:2.3:a:openclaw:openclaw:2026.1.15
Openclaw » Openclaw » Version: 2026.1.16-1

cpe:2.3:a:openclaw:openclaw:2026.1.16-1
Openclaw » Openclaw » Version: 2026.1.16-2

cpe:2.3:a:openclaw:openclaw:2026.1.16-2
Openclaw » Openclaw » Version: 2026.1.162

cpe:2.3:a:openclaw:openclaw:2026.1.162
Openclaw » Openclaw » Version: 2026.1.20

cpe:2.3:a:openclaw:openclaw:2026.1.20
Openclaw » Openclaw » Version: 2026.1.20-1

cpe:2.3:a:openclaw:openclaw:2026.1.20-1
Openclaw » Openclaw » Version: 2026.1.20-2

cpe:2.3:a:openclaw:openclaw:2026.1.20-2
Openclaw » Openclaw » Version: 2026.1.21

cpe:2.3:a:openclaw:openclaw:2026.1.21
Openclaw » Openclaw » Version: 2026.1.21-1

cpe:2.3:a:openclaw:openclaw:2026.1.21-1
Openclaw » Openclaw » Version: 2026.1.21-2

cpe:2.3:a:openclaw:openclaw:2026.1.21-2
Openclaw » Openclaw » Version: 2026.1.22

cpe:2.3:a:openclaw:openclaw:2026.1.22
Openclaw » Openclaw » Version: 2026.1.23

cpe:2.3:a:openclaw:openclaw:2026.1.23
Openclaw » Openclaw » Version: 2026.1.23-1

cpe:2.3:a:openclaw:openclaw:2026.1.23-1
Openclaw » Openclaw » Version: 2026.1.24

cpe:2.3:a:openclaw:openclaw:2026.1.24
Openclaw » Openclaw » Version: 2026.1.24-1

cpe:2.3:a:openclaw:openclaw:2026.1.24-1
Openclaw » Openclaw » Version: 2026.1.24-2

cpe:2.3:a:openclaw:openclaw:2026.1.24-2
Openclaw » Openclaw » Version: 2026.1.24-3

cpe:2.3:a:openclaw:openclaw:2026.1.24-3
Openclaw » Openclaw » Version: 2026.1.241

cpe:2.3:a:openclaw:openclaw:2026.1.241
Openclaw » Openclaw » Version: 2026.1.29

cpe:2.3:a:openclaw:openclaw:2026.1.29
Openclaw » Openclaw » Version: 2026.1.30

cpe:2.3:a:openclaw:openclaw:2026.1.30
Openclaw » Openclaw » Version: 2026.1.4

cpe:2.3:a:openclaw:openclaw:2026.1.4
Openclaw » Openclaw » Version: 2026.1.4-1

cpe:2.3:a:openclaw:openclaw:2026.1.4-1
Openclaw » Openclaw » Version: 2026.1.5

cpe:2.3:a:openclaw:openclaw:2026.1.5
Openclaw » Openclaw » Version: 2026.1.5-1

cpe:2.3:a:openclaw:openclaw:2026.1.5-1
Openclaw » Openclaw » Version: 2026.1.5-2

cpe:2.3:a:openclaw:openclaw:2026.1.5-2
Openclaw » Openclaw » Version: 2026.1.5-3

cpe:2.3:a:openclaw:openclaw:2026.1.5-3
Openclaw » Openclaw » Version: 2026.1.51

cpe:2.3:a:openclaw:openclaw:2026.1.51
Openclaw » Openclaw » Version: 2026.1.52

cpe:2.3:a:openclaw:openclaw:2026.1.52
Openclaw » Openclaw » Version: 2026.1.53

cpe:2.3:a:openclaw:openclaw:2026.1.53
Openclaw » Openclaw » Version: 2026.1.8

cpe:2.3:a:openclaw:openclaw:2026.1.8
Openclaw » Openclaw » Version: 2026.1.8-1

cpe:2.3:a:openclaw:openclaw:2026.1.8-1
Openclaw » Openclaw » Version: 2026.1.8-2

cpe:2.3:a:openclaw:openclaw:2026.1.8-2
Openclaw » Openclaw » Version: 2026.1.9

cpe:2.3:a:openclaw:openclaw:2026.1.9
Openclaw » Openclaw » Version: 2026.2.0

cpe:2.3:a:openclaw:openclaw:2026.2.0
Openclaw » Openclaw » Version: 2026.2.1

cpe:2.3:a:openclaw:openclaw:2026.2.1
Openclaw » Openclaw » Version: 2026.2.12

cpe:2.3:a:openclaw:openclaw:2026.2.12
Openclaw » Openclaw » Version: 2026.2.13

cpe:2.3:a:openclaw:openclaw:2026.2.13
Openclaw » Openclaw » Version: 2026.2.2

cpe:2.3:a:openclaw:openclaw:2026.2.2
Openclaw » Openclaw » Version: 2026.2.2-1

cpe:2.3:a:openclaw:openclaw:2026.2.2-1
Openclaw » Openclaw » Version: 2026.2.2-2

cpe:2.3:a:openclaw:openclaw:2026.2.2-2
Openclaw » Openclaw » Version: 2026.2.2-3

cpe:2.3:a:openclaw:openclaw:2026.2.2-3
Openclaw » Openclaw » Version: 2026.2.3

cpe:2.3:a:openclaw:openclaw:2026.2.3
Openclaw » Openclaw » Version: 2026.2.3-1

cpe:2.3:a:openclaw:openclaw:2026.2.3-1
Openclaw » Openclaw » Version: 2026.2.6

cpe:2.3:a:openclaw:openclaw:2026.2.6
Openclaw » Openclaw » Version: 2026.2.6-1

cpe:2.3:a:openclaw:openclaw:2026.2.6-1
Openclaw » Openclaw » Version: 2026.2.6-2

cpe:2.3:a:openclaw:openclaw:2026.2.6-2
Openclaw » Openclaw » Version: 2026.2.6-3

cpe:2.3:a:openclaw:openclaw:2026.2.6-3
Openclaw » Openclaw » Version: 2026.2.9

cpe:2.3:a:openclaw:openclaw:2026.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-26327

Products

Pricing

Contact Us