GHSA-h5hg-h7rr-gpf3: OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection

April 3, 2026 (updated April 6, 2026)

Node browser proxy allowProfiles bypass through persistent profile mutation and runtime profile selection

References

github.com/advisories/GHSA-h5hg-h7rr-gpf3
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/eac93507c36ccd0c359fba18fa466ef6448be8a5
github.com/openclaw/openclaw/security/advisories/GHSA-h5hg-h7rr-gpf3

Code Behaviors & Features

Detect and mitigate GHSA-h5hg-h7rr-gpf3 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →