{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-35643/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-35643"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-35643","rce","android"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw versions prior to 2026.3.22 are susceptible to a critical vulnerability (CVE-2026-35643) stemming from an unvalidated WebView JavascriptInterface. This flaw enables attackers to inject arbitrary instructions and execute malicious code within the context of the Android application. The vulnerability arises because untrusted web pages can exploit the canvas bridge, a component responsible for communication between the WebView and the native Android code. Successful exploitation allows an attacker to gain control over the application\u0026rsquo;s resources and potentially the device itself. This is a severe risk for any application using OpenClaw, as it could lead to data theft, malware installation, or other malicious activities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an application utilizing a vulnerable version of OpenClaw (prior to 2026.3.22).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious web page containing JavaScript code designed to exploit the unvalidated WebView JavascriptInterface.\u003c/li\u003e\n\u003cli\u003eThe victim unknowingly navigates to the attacker-controlled web page, likely through social engineering or malicious advertising.\u003c/li\u003e\n\u003cli\u003eThe malicious JavaScript code on the page interacts with the vulnerable canvas bridge within the OpenClaw WebView.\u003c/li\u003e\n\u003cli\u003eThe attacker injects arbitrary instructions through the canvas bridge, leveraging the lack of input validation.\u003c/li\u003e\n\u003cli\u003eThese injected instructions are then executed within the Android application context, bypassing security restrictions.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the application\u0026rsquo;s resources, such as user data or device functionalities.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code, potentially leading to data exfiltration, malware installation, or complete device compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-35643 in OpenClaw can lead to complete compromise of the Android application and potentially the device it is running on. This can result in data theft, unauthorized access to sensitive information, installation of malware, and other malicious activities. While the exact number of vulnerable applications is unknown, the widespread use of OpenClaw could potentially affect a large number of users. The vulnerability is particularly dangerous because it can be exploited remotely through a simple web page, making it easily accessible to attackers.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.3.22 or later to patch CVE-2026-35643, as mentioned in the overview.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on all data received through the WebView JavascriptInterface to prevent arbitrary code injection.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect attempts to exploit the canvas bridge within OpenClaw (see \u0026ldquo;Detect Suspicious WebView Bridge Usage\u0026rdquo; rule).\u003c/li\u003e\n\u003cli\u003eMonitor web traffic for access to untrusted URLs from applications utilizing OpenClaw to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-10T17:17:04Z","date_published":"2026-04-10T17:17:04Z","id":"/briefs/2026-04-openclaw-webview-rce/","summary":"OpenClaw before 2026.3.22 is vulnerable to arbitrary code execution due to an unvalidated WebView JavascriptInterface, allowing attackers to inject malicious instructions by invoking the canvas bridge from untrusted pages.","title":"OpenClaw WebView JavascriptInterface Vulnerability (CVE-2026-35643)","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-webview-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-35643","version":"https://jsonfeed.org/version/1.1"}