GHSA-2hfg-4fh4-qp7f
OpenClaw's browser act interactions could bypass private-network navigation checks
Details
### Summary
OpenClaw's browser control SSRF checks blocked direct navigation to private or loopback URLs, but some Playwright `act` interactions could trigger navigation after the initial check. A later browser evaluation could then read from the page reached by that action-triggered navigation.
This issue is specific to browser control actions and private-network navigation policy. Browser evaluation remains an intentional trusted-operator feature when it is used on pages that policy allowed the browser to visit.
### Affected configurations
This affects deployments where browser control is enabled and an authenticated browser-control caller can interact with an attacker-controlled page that redirects or navigates the tab to a private-network target through a UI action.
### Impact
If the browser reached a private page through an unchecked action-triggered navigation, a caller with browser evaluation capability could read page content that direct navigation policy would have blocked.
The issue does not grant access to OpenClaw without authentication. It bypasses the private-network navigation guard for a specific browser action path.
### Patched Versions
The first stable patched version is `2026.5.18`.
### Mitigations
Upgrade to `openclaw@2026.5.18` or later. Before upgrading, restrict browser-control access to trusted operators and avoid using browser control on untrusted pages in environments with sensitive private web services.
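The gap the summary describes is a navigation policy that is evaluated only against the URL requested up front, while a UI action can move the tab afterwards. The following is an added example, not OpenClaw's own code, of re-running the private-network check on the URL the tab actually reached after an action; the `tab` object is a constructed stand-in for a Playwright page that exposes only `url()` and `click()`.

```javascript
// Added example (not OpenClaw's code): check the private-network policy both
// before a UI action and on the URL the tab lands on afterwards.

function isPrivateHost(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (h === "localhost" || h.endsWith(".localhost") || h === "0.0.0.0") return true;
  if (h === "::1" || h === "::") return true;                   // IPv6 loopback / unspecified
  if (h.startsWith("::ffff:")) return isPrivateHost(h.slice(7)); // IPv4-mapped IPv6
  if (/^f[cd][0-9a-f]{2}:/.test(h) || /^fe[89ab][0-9a-f]:/.test(h)) return true; // ULA, link-local
  const m = h.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
}

// Policy decision for a single URL. WHATWG URL parsing normalizes forms such as
// "http://2130706433/" to a dotted-quad hostname before the check runs.
function checkUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { return { blocked: true, reason: "unparseable URL" }; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return { blocked: true, reason: "scheme " + u.protocol };
  if (isPrivateHost(u.hostname)) return { blocked: true, reason: "private host " + u.hostname };
  return { blocked: false, reason: "ok" };
}

// Guard around an act-style interaction: the pre-action check alone is what the
// advisory describes as insufficient, because the click itself may navigate.
function guardedClick(tab, selector) {
  const before = checkUrl(tab.url());
  if (before.blocked) return before;
  tab.click(selector);                       // in Playwright this call would be awaited
  const after = checkUrl(tab.url());         // re-check the URL the tab actually reached
  if (after.blocked) return { blocked: true, reason: "action navigated to " + tab.url() + ": " + after.reason };
  return after;
}

// Constructed stand-in tab: a public page whose button navigates the tab elsewhere.
function makeRedirectingTab(start, target) {
  let current = start;
  return { url: () => current, click: () => { current = target; } };
}
```

A caller that only sees `blocked: true` after the action should refuse any subsequent evaluation on that tab rather than treating the earlier pre-action pass as authoritative.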
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-2hfg-4fh4-qp7f [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-53812 [ADVISORY]
- https://github.com/openclaw/openclaw [PACKAGE]
- https://www.vulncheck.com/advisories/openclaw-private-network-navigation-bypass-via-browser-act-interactions [WEB]