GHSA-25GX-X37C-7PPH

Vulnerability from github – Published: 2026-03-03 19:17 – Updated: 2026-03-30 13:43
VLAI?
Summary
OpenClaw's andbox browser noVNC observer lacked VNC authentication
Details

The sandbox browser entrypoint launched x11vnc without authentication (-nopw) for noVNC observer sessions.

OpenClaw-managed runtime flow publishes the noVNC port to host loopback only (127.0.0.1), so default exposure is local to the host unless operators explicitly expose the port more broadly (or run the image standalone with broad port publishing).

Affected Packages / Versions

  • Package: docker/openclaw
  • Affected: <= 2026.2.19-2
  • Patched: >= 2026.2.21

Technical details

  • scripts/sandbox-browser-entrypoint.sh used x11vnc ... -nopw for noVNC observer flow.
  • websockify exposed noVNC for the container listener.
  • OpenClaw runtime (src/agents/sandbox/browser.ts) already mapped host publish to loopback, but observer auth was missing.

Fix

  • Require VNC password auth in the sandbox browser entrypoint (x11vnc -rfbauth), replacing -nopw.
  • Generate per-container noVNC password in runtime and inject OPENCLAW_BROWSER_NOVNC_PASSWORD.
  • Emit short-lived noVNC observer token URLs instead of sharing raw noVNC passwords in shared URLs.
  • Keep loopback-only host port publish and bump sandbox browser security hash epoch.
  • Add security audit findings for sandbox browser containers that publish ports on non-loopback interfaces.

Operational note: rebuild the sandbox browser image and recreate browser containers so existing containers pick up the fix.

Fix Commit(s)

  • 621d8e1312482f122f18c43c72c67211b141da01
  • 8c1518f0f3e0533593cd2dec3a46c9b746753661

Release Process Note

Patched version is pre-set to the planned next release (2026.2.21). After npm release, this advisory can be published without further field edits.

OpenClaw thanks @TerminalsandCoffee for reporting.

Severity ?
7.7 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
8.5 (High)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32064"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T19:17:48Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The sandbox browser entrypoint launched `x11vnc` without authentication (`-nopw`) for noVNC observer sessions.\n\nOpenClaw-managed runtime flow publishes the noVNC port to host loopback only (`127.0.0.1`), so default exposure is local to the host unless operators explicitly expose the port more broadly (or run the image standalone with broad port publishing).\n\n## Affected Packages / Versions\n\n- Package: `docker/openclaw`\n- Affected: `\u003c= 2026.2.19-2`\n- Patched: `\u003e= 2026.2.21`\n\n## Technical details\n\n- `scripts/sandbox-browser-entrypoint.sh` used `x11vnc ... -nopw` for noVNC observer flow.\n- `websockify` exposed noVNC for the container listener.\n- OpenClaw runtime (`src/agents/sandbox/browser.ts`) already mapped host publish to loopback, but observer auth was missing.\n\n## Fix\n\n- Require VNC password auth in the sandbox browser entrypoint (`x11vnc -rfbauth`), replacing `-nopw`.\n- Generate per-container noVNC password in runtime and inject `OPENCLAW_BROWSER_NOVNC_PASSWORD`.\n- Emit short-lived noVNC observer token URLs instead of sharing raw noVNC passwords in shared URLs.\n- Keep loopback-only host port publish and bump sandbox browser security hash epoch.\n- Add security audit findings for sandbox browser containers that publish ports on non-loopback interfaces.\n\nOperational note: rebuild the sandbox browser image and recreate browser containers so existing containers pick up the fix.\n\n## Fix Commit(s)\n\n- `621d8e1312482f122f18c43c72c67211b141da01`\n- `8c1518f0f3e0533593cd2dec3a46c9b746753661`\n\n## Release Process Note\n\nPatched version is pre-set to the planned next release (`2026.2.21`). After npm release, this advisory can be published without further field edits.\n\nOpenClaw thanks @TerminalsandCoffee for reporting.",
  "id": "GHSA-25gx-x37c-7pph",
  "modified": "2026-03-30T13:43:24Z",
  "published": "2026-03-03T19:17:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-25gx-x37c-7pph"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32064"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/621d8e1312482f122f18c43c72c67211b141da01"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/8c1518f0f3e0533593cd2dec3a46c9b746753661"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-missing-vnc-authentication-in-sandbox-browser-novnc-observer"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw\u0027s andbox browser noVNC observer lacked VNC authentication"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.