Vulnerabilities

CVE-2026-41398

by Fred · 28/04/2026

OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting session state and consuming budget.

More information : https://github.com/openclaw/openclaw/commit/49d08382a90f71dabe2877b3f6729ad85f808d57

Similar

Tags: Cybersecurity Alert