{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-26327", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-13T16:27:51.809Z", "datePublished": "2026-02-19T22:59:36.376Z", "dateUpdated": "2026-02-20T15:39:17.849Z"}, "containers": {"cna": {"title": "OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning", "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "lang": "en", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pv58-549p-qh99", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pv58-549p-qh99"}, {"name": "https://github.com/openclaw/openclaw/commit/d583782ee322a6faa1fe87ae52455e0d349de586", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/commit/d583782ee322a6faa1fe87ae52455e0d349de586"}, {"name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "tags": ["x_refsource_MISC"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"version": "< 2026.2.14", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T22:59:36.376Z"}, "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs. iOS and macOS used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL. iOS and Android allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin. On a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection. As of time of publication, the iOS and Android apps are alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN. Version 2026.2.14 fixes the issue. Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints. Discovery-provided fingerprints no longer override stored TLS pins. In iOS/Android, first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU) and discovery-based direct connects are TLS-only. In Android, hostname verification is no longer globally disabled (only bypassed when pinning)."}], "source": {"advisory": "GHSA-pv58-549p-qh99", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T15:27:12.065090Z", "id": "CVE-2026-26327", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T15:39:17.849Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-26327", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T15:27:12.065090Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T15:27:13.860Z"}}], "cna": {"title": "OpenClaw allows unauthenticated discovery TXT records to steer routing and TLS pinning", "source": {"advisory": "GHSA-pv58-549p-qh99", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.1, "attackVector": "ADJACENT", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "openclaw", "product": "openclaw", "versions": [{"status": "affected", "version": "< 2026.2.14"}]}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pv58-549p-qh99", "name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pv58-549p-qh99", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openclaw/openclaw/commit/d583782ee322a6faa1fe87ae52455e0d349de586", "name": "https://github.com/openclaw/openclaw/commit/d583782ee322a6faa1fe87ae52455e0d349de586", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs. iOS and macOS used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL. iOS and Android allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin. On a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection. As of time of publication, the iOS and Android apps are alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN. Version 2026.2.14 fixes the issue. Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints. Discovery-provided fingerprints no longer override stored TLS pins. In iOS/Android, first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU) and discovery-based direct connects are TLS-only. In Android, hostname verification is no longer globally disabled (only bypassed when pinning)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-19T22:59:36.376Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26327", "state": "PUBLISHED", "dateUpdated": "2026-02-20T15:39:17.849Z", "dateReserved": "2026-02-13T16:27:51.809Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-19T22:59:36.376Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "0F3079A3-9FBD-4E87-821D-5CAF0622C555", "versionEndExcluding": "2026.2.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs. iOS and macOS used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL. iOS and Android allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin. On a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection. As of time of publication, the iOS and Android apps are alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN. Version 2026.2.14 fixes the issue. Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints. Discovery-provided fingerprints no longer override stored TLS pins. In iOS/Android, first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU) and discovery-based direct connects are TLS-only. In Android, hostname verification is no longer globally disabled (only bypassed when pinning)."}, {"lang": "es", "value": "OpenClaw es un asistente personal de IA. Las balizas de descubrimiento (Bonjour/mDNS y DNS-SD) incluyen registros TXT como 'lanHost', 'tailnetDns', 'gatewayPort' y 'gatewayTlsSha256'. Los registros TXT no est\u00e1n autenticados. Antes de la versi\u00f3n 2026.2.14, algunos clientes trataban los valores TXT como entradas autoritativas de enrutamiento/fijaci\u00f3n. iOS y macOS usaban las sugerencias de host ('lanHost'/'tailnetDns') y los puertos ('gatewayPort') proporcionados por TXT para construir la URL de conexi\u00f3n. iOS y Android permit\u00edan que la huella digital TLS ('gatewayTlsSha256') proporcionada por el descubrimiento anulara una fijaci\u00f3n TLS previamente almacenada. En una LAN compartida/no confiable, un atacante podr\u00eda anunciar un servicio '_openclaw-gw._tcp' malicioso. Esto podr\u00eda hacer que un cliente se conectara a un punto final controlado por un atacante y/o aceptara un certificado de atacante, potencialmente exfiltrando credenciales de Gateway ('auth.token' / 'auth.password') durante la conexi\u00f3n. En el momento de la publicaci\u00f3n, las aplicaciones de iOS y Android est\u00e1n en fase alfa/no se han distribuido ampliamente (sin lanzamiento p\u00fablico en App Store / Play Store). El impacto pr\u00e1ctico se limita principalmente a desarrolladores/probadores que ejecutan esas compilaciones, adem\u00e1s de cualquier otro cliente distribuido que dependa del descubrimiento en una LAN compartida/no confiable. La versi\u00f3n 2026.2.14 corrige el problema. Los clientes ahora prefieren el punto final de servicio resuelto (SRV + A/AAAA) sobre las sugerencias de enrutamiento proporcionadas por TXT. Las huellas digitales proporcionadas por el descubrimiento ya no anulan las fijaciones TLS almacenadas. En iOS/Android, las fijaciones TLS por primera vez requieren confirmaci\u00f3n expl\u00edcita del usuario (huella digital mostrada; sin TOFU silencioso) y las conexiones directas basadas en descubrimiento son solo TLS. En Android, la verificaci\u00f3n de nombre de host ya no est\u00e1 deshabilitada globalmente (solo se omite al fijar)."}], "id": "CVE-2026-26327", "lastModified": "2026-02-23T13:44:36.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-19T23:16:26.100", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openclaw/openclaw/commit/d583782ee322a6faa1fe87ae52455e0d349de586"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pv58-549p-qh99"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.2.14)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openclaw", "source": "cna", "vendor": "openclaw"}, "product": "openclaw", "vendor": "openclaw"}], "analysis": {"en": {"generated_at": "2026-04-18T17:53:28.471820+00:00", "value": {"mitigation_remediation": ["Update OpenClaw to version 2026.2.14 or later, which fixes the CWE\u2011345 vulnerability by rejecting unauthenticated TXT records for routing or pinning and prioritizing resolved SRV and A/AAAA records.", "If upgrading is not immediately possible, restrict or block Bonjour/mDNS traffic on untrusted LANs, or use network segmentation so that only trusted hosts can advertise _openclaw\u2011gw._tcp services.", "Verify that client certificates are validated against server hostnames; for Android, ensure hostname verification is enabled and that first\u2011time TLS pins trigger a user confirmation prompt rather than silent TOFU. This step mitigates potential routing logic exploits outlined in CWE\u2011345 by enforcing strict pinning."], "summary": {"action": "Patch Immediately", "impact": "Potential remote exfiltration of gateway credentials via malicious mDNS service"}, "threat_synthesis": {"affected_systems": "The affected product is OpenClaw, developed by the official OpenClaw team, built on Node.js. All releases prior to version 2026.2.14 are vulnerable. The issue manifests in the iOS and Android apps, which were in alpha during the time of disclosure, but any client that relies on mDNS discovery over an untrusted LAN is also impacted. No other vendors or major version ranges are reported as affected.", "description_and_impact": "OpenClaw uses unprotected TXT records in Bonjour/mDNS discovery to provide routing hints and TLS fingerprints. Based on the description, it is inferred that an attacker on a shared or untrusted LAN can publish a rogue _openclaw-gw._tcp service that steers the client to an attacker\u2011controlled endpoint or forces it to accept an attacker\u2019s certificate. This could lead to exfiltration of gateway credentials such as auth.token or auth.password. iOS and macOS clients used the TXT\u2011provided host hints and ports to build the connection URL, while iOS and Android allowed the discovery\u2011provided TLS fingerprint to override a previously stored TLS pin.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high severity. The EPSS value of \"< 1%\" suggests that while exploitation is possible, the probability of a successful attack at any given time is low; the vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that an attacker would need physical or Wi\u2011Fi access to a shared network to advertise a malicious service record, achievable through local mDNS spoofing. If the target uses an unreleased alpha client, the impact could expose sensitive gateway credentials; otherwise the risk is limited to developers or testers in controlled environments."}}}}, "created": "2026-02-20T09:53:33.865465+00:00", "updated": "2026-04-18T18:00:06.461057+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}