GHSA-vpj2-69hf-rppw: OpenClaw: Browser control startup could continue unauthenticated after auth bootstrap failure

March 2, 2026

When browser control started without explicit auth credentials, OpenClaw attempted to bootstrap auth automatically. In affected versions, if that bootstrap step threw an error, startup could continue and expose browser-control routes without authentication.

References

github.com/advisories/GHSA-vpj2-69hf-rppw
github.com/openclaw/openclaw
github.com/openclaw/openclaw/security/advisories/GHSA-vpj2-69hf-rppw

Code Behaviors & Features

Detect and mitigate GHSA-vpj2-69hf-rppw with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →