CVE-2026-42431

· NIST NVD ↗

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.

HIGH
CVSS severity
8.1
CVSS base score
2026-04-28
Published

CWE codes

CWE-863

Affected products

openclaw:openclaw

Sources