OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed()…
VulnCheck·CWE-610·Published 2026-03-03
OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed() function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the OpenClaw process user through browser snapshot and extraction actions to exfiltrate sensitive data.
## Impact

`assertBrowserNavigationAllowed()` applied its checks only to `http:`/`https:` network targets; any other scheme fell through and was implicitly allowed. An authenticated gateway user could navigate browser sessions to `file://` URLs and read local files via browser snapshot/extraction flows.

## Affected Component

- `src/browser/navigation-guard.ts`

## Technical Reproduction

1. Authenticate to a gateway that has browser tooling enabled.
2. Invoke browser navigation with a `file://` URL (for example `file:///etc/passwd`).
3. Read page content through browser snapshot/extract actions.

## Demonstrated Impact

An attacker with valid gateway credentials and browser-tool access can exfiltrate local files readable by the OpenClaw process user (for example config/secrets in that user context).

## Environment

- OpenClaw browser tool enabled
- Attacker has authenticated access capable of invoking browser actions

## Remediation Advice

Reject unsupported navigation schemes and allow only explicitly safe non-network URLs. OpenClaw now blocks non-network schemes (such as `file:`, `data:`, and `javascript:`) while preserving `about:blank`.

## Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.19-2`
- Patched in planned next release: `2026.2.21`

## Fix Commit(s)

- `220bd95eff6838234e8b4b711f86d4565e16e401`

## Release Process Note

`patched_versions` is pre-set to the planned next release (`2026.2.21`) so once npm `2026.2.21` is published, the advisory can be published directly.

OpenClaw thanks @q1uf3ng for reporting.
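The guard shape the advisory describes, written out as an added TypeScript example (this is illustrative code, not OpenClaw's `navigation-guard.ts` or its fix commit). The vulnerable variant checks hosts only for `http:`/`https:` and lets every other scheme fall through; the hardened variant denies by default, keeping only network schemes and `about:blank`, as the remediation section states. `BLOCKED_HOSTS`, `hostBlocked()`, the sample targets and the port number are assumptions constructed for the example.

```typescript
// Added example (not OpenClaw's code): a navigation guard of the shape the
// advisory describes, shown in its vulnerable and hardened forms.
// BLOCKED_HOSTS and hostBlocked() are assumptions standing in for whatever
// network-target policy the real guard applies to http/https URLs.

type Verdict = { allowed: true } | { allowed: false; reason: string };

// Hypothetical host policy: the loopback/metadata deny list a browser-tool
// guard typically enforces for network targets.
const BLOCKED_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]", "169.254.169.254"]);

function hostBlocked(u: URL): boolean {
  return BLOCKED_HOSTS.has(u.hostname.toLowerCase());
}

function parse(raw: string): URL | null {
  try {
    return new URL(raw); // WHATWG parsing: trims whitespace, lowercases the scheme
  } catch {
    return null;
  }
}

// VULNERABLE shape: the host check runs only for http/https, and every other
// scheme falls through to "allowed". file:, data: and javascript: all pass.
export function assertBrowserNavigationAllowedVulnerable(raw: string): Verdict {
  const u = parse(raw);
  if (u === null) return { allowed: false, reason: "unparseable URL" };
  if (u.protocol === "http:" || u.protocol === "https:") {
    if (hostBlocked(u)) return { allowed: false, reason: `blocked host ${u.hostname}` };
    return { allowed: true };
  }
  return { allowed: true }; // the bug: non-network schemes are never rejected
}

// HARDENED shape: deny by default. Only http/https (after the host check) and
// the single non-network target about:blank are allowed.
export function assertBrowserNavigationAllowed(raw: string): Verdict {
  const u = parse(raw);
  if (u === null) return { allowed: false, reason: "unparseable URL" };
  if (u.protocol === "about:") {
    if (u.href === "about:blank") return { allowed: true };
    return { allowed: false, reason: `about: target ${u.href} is not about:blank` };
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    return { allowed: false, reason: `scheme ${u.protocol} is not a network scheme` };
  }
  if (hostBlocked(u)) return { allowed: false, reason: `blocked host ${u.hostname}` };
  return { allowed: true };
}

// Constructed navigation requests of the kind a gateway user could submit,
// including scheme-casing and whitespace variants the parser normalises.
export const SAMPLE_TARGETS = [
  "https://example.com/docs",
  "http://localhost:8080/",
  "file:///etc/passwd",
  "  FILE:///home/openclaw/.openclaw/config.json",
  "data:text/html,<script>fetch('file:///etc/hosts')</script>",
  "javascript:alert(document.cookie)",
  "about:blank",
  "about:srcdoc",
];

// Runs both guards over the targets and reports, per target, whether the
// vulnerable guard would have allowed it and whether the hardened guard does.
export function auditNavigationTargets(targets: string[] = SAMPLE_TARGETS) {
  return targets.map((t) => ({
    target: t,
    vulnerable: assertBrowserNavigationAllowedVulnerable(t).allowed,
    hardened: assertBrowserNavigationAllowed(t).allowed,
  }));
}

for (const row of auditNavigationTargets()) {
  const v = row.vulnerable ? "ALLOW" : "deny ";
  const h = row.hardened ? "ALLOW" : "deny ";
  console.log(`vulnerable=${v} hardened=${h}  ${row.target.trim()}`);
}
```

Two details worth noting when reviewing a guard like this: compare the parsed `protocol`, never the raw string, so that `FILE:` or leading whitespace cannot slip past a prefix check, and treat the allow list as the only path to `allowed: true` so that a newly introduced scheme is denied until someone explicitly decides otherwise.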
CVSS scores for this issue. Exploitability and impact subscores are defined only for CVSS 3.x, hence the dashes in the 4.0 rows.

| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 6.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Secondary | NVD | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Secondary | GHSA | 6.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 4.0 | Primary | cve.org | 7.1 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 7.1 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |