Product
OpenClaw before version 2026.6.6 contains a policy bypass vulnerability in its browser CDP discovery feature that allows attackers with lower-trust access to circumvent network blocking policies by accepting WebSocket URLs that should have been blocked, enabling them to reach otherwise restricted network destinations when the affected feature is enabled.