{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/browser-automation/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-42431"}],"_cs_exploited":false,"_cs_products":["openclaw"],"_cs_severities":["high"],"_cs_tags":["security-bypass","browser-automation","profile-mutation"],"_cs_type":"advisory","_cs_vendors":["openclaw"],"content_html":"\u003cp\u003eOpenClaw, a browser automation tool, is vulnerable to a security bypass (CVE-2026-42431) affecting versions prior to 2026.4.8. This vulnerability resides in the \u003ccode\u003enode.invoke(browser.proxy)\u003c/code\u003e function, which improperly allows mutation of persistent browser profiles. An attacker can leverage this flaw to bypass the \u003ccode\u003ebrowser.request\u003c/code\u003e persistent profile-mutation guard. Successful exploitation leads to unauthorized modification of browser configurations, potentially enabling malicious activities such as injecting malicious extensions, altering browser settings, or compromising user data. The vulnerability was publicly disclosed on April 28, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable OpenClaw instance running a version prior to 2026.4.8.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious script that calls the \u003ccode\u003enode.invoke(browser.proxy)\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe script is designed to bypass the \u003ccode\u003ebrowser.request\u003c/code\u003e persistent profile-mutation guard.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003enode.invoke(browser.proxy)\u003c/code\u003e function is exploited to mutate the persistent browser profile.\u003c/li\u003e\n\u003cli\u003eThe browser configuration is modified to include malicious settings, such as altered proxy settings or injected malicious extensions.\u003c/li\u003e\n\u003cli\u003eOpenClaw uses the modified browser profile for subsequent browser automation tasks.\u003c/li\u003e\n\u003cli\u003eThe malicious configurations allow the attacker to intercept or modify browser traffic.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive information or injects malicious content into the browser session.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-42431 allows attackers to modify browser configurations, potentially leading to data theft, session hijacking, or the injection of malicious content. This can compromise user credentials, financial data, or other sensitive information handled by the browser. The vulnerability affects all users of OpenClaw versions prior to 2026.4.8. While the exact number of affected users is unknown, the impact is high due to the potential for widespread compromise of browser profiles and associated data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.4.8 or later to patch CVE-2026-42431.\u003c/li\u003e\n\u003cli\u003eMonitor OpenClaw scripts for suspicious calls to \u003ccode\u003enode.invoke(browser.proxy)\u003c/code\u003e using network connection monitoring.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls to limit who can modify OpenClaw scripts and browser profiles.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect attempts to bypass the \u003ccode\u003ebrowser.request\u003c/code\u003e persistent profile-mutation guard.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T12:00:00Z","date_published":"2026-04-29T12:00:00Z","id":"/briefs/2026-04-openclaw-bypass/","summary":"OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows attackers to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.","title":"OpenClaw Security Bypass Vulnerability Allows Persistent Browser Profile Mutation","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Browser-Automation","version":"https://jsonfeed.org/version/1.1"}