GHSA-fh32-73r9-rgh5

Severity: MODERATE
Repository: openclaw/openclaw
Published: Apr 7, 2026, 6:15 PM
Ref: e48ee8ae9e0ccd9133553c2337ca92a740b52780
Advisory summary

OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Curator analysis
Synopsis

Trailing-dot localhost handling in remote CDP websocket normalization lets a hostile discovery response bypass loopback-host rewriting and steer a follow-up browser-control connection back to localhost.

Vulnerability classes
loopback protection bypass
improper hostname normalization
Sink hints

extensions/browser/src/browser/cdp.ts

This is the browser CDP URL normalization path referenced by the new test. It consumes the discovery-provided websocket URL and decides whether loopback-like hosts such as localhost should be rewritten back to the configured remote host.

src/gateway/net.ts

The fix lands here: the shared host parsing and loopback checks previously treated only the exact string "localhost" as loopback, so absolute-form hosts such as "localhost." (with the trailing dot) were not canonicalized before the protection decision was made.
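An added example, not OpenClaw's code, showing the gap the fix closes: a weak exact-match loopback check beside one that canonicalizes the host (trailing dot, case, IPv6 brackets) before deciding whether a discovery-supplied CDP websocket URL must be rewritten to the configured remote host. The loopback set, the function names and the remote host cdp.example.internal are assumptions.

```typescript
// Added illustration (not OpenClaw's code). Names and the loopback set are assumptions.
// Flow: a remote CDP discovery response hands back a websocket URL; before the client
// follows it, loopback-like hosts must be rewritten to the configured remote host.

const LOOPBACK_NAMES = new Set(["localhost", "::1"]);
const IPV4_LOOPBACK = /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/; // 127.0.0.0/8

/** Weak check, as before the fix: exact string match only, so "localhost." slips through. */
function isLoopbackHostWeak(host: string): boolean {
  return host === "localhost" || host === "127.0.0.1" || host === "[::1]";
}

/** Canonical form for security decisions: lowercase, no IPv6 brackets, and the
 *  DNS absolute-form trailing dot removed ("localhost." resolves like "localhost"). */
function canonicalizeHost(host: string): string {
  let h = host.trim().toLowerCase();
  if (h.startsWith("[") && h.endsWith("]")) h = h.slice(1, -1);
  if (h.length > 1 && h.endsWith(".")) h = h.slice(0, -1);
  return h;
}

/** Hardened check: canonicalize first, then compare. */
function isLoopbackHost(host: string): boolean {
  const h = canonicalizeHost(host);
  return LOOPBACK_NAMES.has(h) || IPV4_LOOPBACK.test(h);
}

/** Rewrite the discovery-provided websocket URL so loopback-like hosts point back at
 *  the configured remote host; port and path are preserved. `check` is injectable only
 *  so the weak and hardened behaviours can be compared side by side. */
function normalizeCdpWsUrl(
  wsUrl: string,
  remoteHost: string,
  check: (host: string) => boolean = isLoopbackHost,
): string {
  const u = new URL(wsUrl);
  // WHATWG URL keeps the trailing dot: "ws://localhost.:9222/" -> hostname "localhost."
  if (check(u.hostname)) u.hostname = remoteHost;
  return u.toString();
}

// Constructed discovery response value of the kind the advisory describes.
const DISCOVERED = "ws://localhost.:9222/devtools/browser/abc";
console.log(normalizeCdpWsUrl(DISCOVERED, "cdp.example.internal", isLoopbackHostWeak)); // unchanged: still loops back
console.log(normalizeCdpWsUrl(DISCOVERED, "cdp.example.internal"));                      // rewritten to cdp.example.internal
```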

Expected components
remote CDP websocket URL normalization
loopback/localhost host checks

Model scores (5)

Model                          Rating     Target Alignment  Source To Sink Reasoning  Impact And Exploitability  Evidence Quality  Overclaim Control
openai/gpt-5.4                 excellent  29                29                        18                         8                 9
google/gemini-3.1-pro-preview  excellent  28                28                        17                         8                 9
z-ai/glm-5.1                   excellent  27                29                        17                         8                 8
moonshotai/kimi-k2.5           partial    30                28                        10                         6                 4
anthropic/claude-opus-4.6      partial    9                 9                         6                          7                 5