GHSA-QW99-GRCX-4PVM: OpenClaw, Open Door: When 0.0.0.0 Equals Localhost


Vulnerability ID: GHSA-QW99-GRCX-4PVM
CVSS Score: 9.8
Published: 2026-02-17

OpenClaw (formerly Clawdbot), a personal AI assistant, contained a critical network binding vulnerability: its loopback check treated the IPv4 wildcard address 0.0.0.0 as if it were a loopback address. Because 0.0.0.0 means "every interface" rather than "this host only", the sensitive Chrome extension relay service, which was intended only for local communication, could end up listening on the network, giving remote attackers control over the victim's browser via the Chrome DevTools Protocol (CDP).

TL;DR

OpenClaw's loopback check accepted '0.0.0.0' as a safe local address. It is not: it is the IPv4 wildcard, so a listener bound to it accepts connections from any interface. This logic error exposed the Chrome DevTools Protocol relay to the network, allowing remote attackers to hijack browsers and steal credentials.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-1327 (Binding to an Unrestricted IP Address)
  • Attack Vector: Network
  • CVSS: 9.8 (Critical)
  • Impact: Remote Code Execution / Session Hijacking
  • Affected Component: Chrome Extension Relay / CDP Endpoint
  • Status: Patched

Affected Systems

  • OpenClaw Personal AI Assistant
  • Clawdbot
  • Moltbot
  • OpenClaw: < 2026.2.12 (Fixed in: 2026.2.12)

Code Analysis

Commit: 8d75a49

Fix: correctly identify loopback addresses vs wildcard bindings

- h === "0.0.0.0" ||
+ // Removed 0.0.0.0 from loopback check
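Review bot: the removed line `h === "0.0.0.0" ||` is replaced only by a comment, so the hunk does not show what the predicate still accepts; the IPv6 unspecified address `::` is the same class of wildcard as `0.0.0.0`, and if it is still listed alongside `::1` the fix is incomplete on dual-stack hosts. Suggest showing the remaining alternatives of the predicate in the commit, and adding a unit test that asserts the loopback check returns false for both `"0.0.0.0"` and `"::"` and true for `"127.0.0.1"` and `"::1"`, so the wildcard-as-loopback confusion cannot be reintroduced silently.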

Mitigation Strategies

  • Update OpenClaw to version 2026.2.12 or later immediately.
  • Ensure firewall rules block external access to OpenClaw ports.
  • Audit network configurations to ensure services are not unnecessarily bound to 0.0.0.0.

Remediation Steps:

  1. Stop the OpenClaw service.
  2. Pull the latest docker image or update the binary to v2026.2.12.
  3. Verify that no configuration file binds the relay to 0.0.0.0 (or the IPv6 wildcard ::); if a non-loopback bind is intentional, confirm that host firewall rules restrict who can reach it.
  4. Restart the service.
