CVE-2026-32064 (CRITICAL, CVSS 9.1; EPSS percentile 39.6%)


Description

In OpenClaw versions prior to 2026.2.21, the sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact with the sandbox browser without credentials.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.51% probability of exploitation · percentile 39.6% · 2026-06-19T12:03:05Z
Published: 2026-03-21
Last modified: 2026-03-24

Underlying weaknesses (1)

CWE-306

References

  1. https://github.com/openclaw/openclaw/commit/621d8e1312482f122f18c43c72c67211b141da01
  2. https://github.com/openclaw/openclaw/commit/8c1518f0f3e0533593cd2dec3a46c9b746753661
  3. https://github.com/openclaw/openclaw/security/advisories/GHSA-25gx-x37c-7pph
  4. https://www.vulncheck.com/advisories/openclaw-missing-vnc-authentication-in-sandbox-browser-novnc-observer


Type      Target                                                     Confidence  Tier
Weakness  Missing Authentication for Critical Function (cwe-306)     0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-43575
  2. CVE-2026-32046
  3. CVE-2026-32048
  4. CVE-2026-32038
  5. CVE-2026-32034
  6. CVE-2026-42434
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.