AI Threat Alert
## Summary Browser press/type interaction routes missed complete navigation guard coverage. ## Affected Packages / Versions - Package: `openclaw` - Ecosystem: npm - Affected versions: `< 2026.4.10` - Patched versions: `>= 2026.4.10` ## Impact Some browser press/type style interactions could...
Full CISO analysis pending enrichment.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| openclaw | npm | < 2026.4.10 | 2026.4.10 |
Do you use openclaw? You're affected.
Severity & Risk
Recommended Action
Patch available
Update openclaw to version 2026.4.10
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Frequently Asked Questions
What is GHSA-536q-mj95-h29h?
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
Is GHSA-536q-mj95-h29h actively exploited?
No confirmed active exploitation of GHSA-536q-mj95-h29h has been reported, but organizations should still patch proactively.
How to fix GHSA-536q-mj95-h29h?
Update to patched version: openclaw 2026.4.10.
What is the CVSS score for GHSA-536q-mj95-h29h?
No CVSS score has been assigned yet.
Technical Details
NVD Description
## Summary Browser press/type interaction routes missed complete navigation guard coverage. ## Affected Packages / Versions - Package: `openclaw` - Ecosystem: npm - Affected versions: `< 2026.4.10` - Patched versions: `>= 2026.4.10` ## Impact Some browser press/type style interactions could trigger navigation without complete post-action SSRF policy enforcement. ## Technical Details The fix applies a three-phase interaction navigation guard to navigation-capable interactions, including pressKey and type submit flows. ## Fix The issue was fixed in #62023 and #63226 and #63889. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix. ## Fix Commit(s) - `049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe` - `5f5b3d733bdd791cb457f838514179e1288b10b3` - `e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894` - PR: #62023, #63226, #63889 ## Release Process Note Users should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix. ## Credits Thanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.
Weaknesses (CWE)
References
- github.com/advisories/GHSA-536q-mj95-h29h
- github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe
- github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3
- github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894
- github.com/openclaw/openclaw/pull/62023
- github.com/openclaw/openclaw/pull/63226
- github.com/openclaw/openclaw/pull/63889
- github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h
Timeline
Related Vulnerabilities
CVE-2026-30741 9.8 OpenClaw: RCE via request-side prompt injection
Same package: openclaw CVE-2026-28451 9.3 OpenClaw: SSRF via Feishu extension exposes internal services
Same package: openclaw GHSA-m3mh-3mpg-37hw 8.6 OpenClaw: .npmrc hijack enables RCE on plugin install
Same package: openclaw CVE-2026-27001 7.8 OpenClaw: prompt injection via unsanitized workspace path
Same package: openclaw GHSA-hr5v-j9h9-xjhg 7.7 OpenClaw: sandbox escape via mediaUrl path traversal
Same package: openclaw