Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. Shenlong (神龙) strives to ensure data accuracy, but please verify and judge according to your actual situation.
Vulnerability Title
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
Vulnerability Description
OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context. Starting in version 2026.2.14, mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`). Other mitigations include enabling browser control auth (token/password) and not running with auth disabled.
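As an added illustration of the mitigation described above (example code, not OpenClaw's own): a Node.js check that rejects mutating requests whose Origin/Referer is non-loopback or whose `Sec-Fetch-Site` is `cross-site`. The function names and the `guard` wrapper are assumptions; the header semantics follow the advisory text.

```javascript
// Added example, not OpenClaw's code: CSRF guard for a loopback-bound control endpoint.
// Policy from the advisory: mutating methods are rejected when the browser indicates a
// non-loopback Origin/Referer or Sec-Fetch-Site: cross-site. Requests carrying neither
// header (e.g. CLI clients) pass here and rely on the token/password auth mitigation.
const MUTATING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

function isLoopbackHost(hostname) {
  // URL.hostname keeps IPv6 literals bracketed ("[::1]"); strip the brackets first.
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (h === "localhost" || h === "::1" || h === "::ffff:127.0.0.1") return true;
  // Whole 127.0.0.0/8 block is loopback, not just 127.0.0.1.
  const m = /^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  return m !== null && m.slice(1).every((octet) => Number(octet) <= 255);
}

function headerIsLoopback(value) {
  try {
    return isLoopbackHost(new URL(value).hostname);
  } catch {
    // Unparsable value (including the literal "null" origin of opaque/sandboxed
    // contexts) is treated as untrusted, never as loopback.
    return false;
  }
}

// headers: object with lowercase keys, as Node's IncomingMessage.headers provides.
// Returns true when the request must be refused.
function shouldRejectMutation(method, headers) {
  if (!MUTATING.has(String(method).toUpperCase())) return false;
  if ((headers["sec-fetch-site"] || "").toLowerCase() === "cross-site") return true;
  const origin = headers["origin"];
  if (origin !== undefined) return !headerIsLoopback(origin);
  const referer = headers["referer"];
  if (referer !== undefined) return !headerIsLoopback(referer);
  return false; // no browser provenance headers at all
}

// Hypothetical wrapper for Node's http module: call before dispatching a mutation route.
function guard(req, res) {
  if (shouldRejectMutation(req.method, req.headers)) {
    res.writeHead(403, { "content-type": "text/plain" });
    res.end("cross-origin request to loopback control endpoint rejected");
    return false;
  }
  return true;
}
```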
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Vulnerability Type
Cross-site request forgery (CSRF)
Vulnerability Title
OpenClaw cross-site request forgery vulnerability
Vulnerability Description
OpenClaw is an open-source intelligent AI assistant from openclaw. Versions of OpenClaw prior to 2026.2.14 contain a cross-site request forgery vulnerability. The vulnerability stems from browser-facing localhost mutation routes accepting cross-origin browser requests without explicit Origin/Referer validation, which could allow a malicious website to trigger unauthorized state changes against the victim's local OpenClaw browser control plane.
CVSS Information
N/A
Vulnerability Type
N/A