OpenClaw/Clawdbot/Moltbot up to 2026.2.13 Resolved Service Endpoint data authenticity

Summaryinfo

A vulnerability was found in OpenClaw, Clawdbot and Moltbot up to 2026.2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Resolved Service Endpoint. Executing a manipulation can lead to data authenticity. This vulnerability is registered as CVE-2026-26327. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic was found in OpenClaw, Clawdbot and Moltbot up to 2026.2.13. This vulnerability affects an unknown code of the component Resolved Service Endpoint. The manipulation with an unknown input leads to a data authenticity vulnerability. The CWE definition for the vulnerability is CWE-345. The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. As an impact it is known to affect integrity. CVE summarizes:

OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs. iOS and macOS used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL. iOS and Android allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin. On a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection. As of time of publication, the iOS and Android apps are alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN. Version 2026.2.14 fixes the issue. Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints. Discovery-provided fingerprints no longer override stored TLS pins. In iOS/Android, first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU) and discovery-based direct connects are TLS-only. In Android, hostname verification is no longer globally disabled (only bypassed when pinning).

The advisory is available at github.com. This vulnerability was named CVE-2026-26327 since 02/13/2026. The exploitation appears to be difficult. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available.

Upgrading to version 2026.2.14 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch d583782ee322a6faa1fe87ae52455e0d349de586 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Artificial Intelligence Software

Name

• Clawdbot
• Moltbot
• OpenClaw

Version

• 2026.2.0
• 2026.2.1
• 2026.2.2
• 2026.2.3
• 2026.2.4
• 2026.2.5
• 2026.2.6
• 2026.2.7
• 2026.2.8
• 2026.2.9
• 2026.2.10
• 2026.2.11
• 2026.2.12
• 2026.2.13

License

• open-source

Website

• Product: https://github.com/openclaw/openclaw/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion