Security Advisory

CVE-2026-40045

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-20 23:08:07

Last updated 2026-04-21 13:37:43

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious endpoints, disclosing plaintext gateway credentials.

← Browse all CVEs View on cve.org ↗