Cyber Posture

CVE-2026-43575

CriticalPublic PoC

Published: 06 May 2026

Published
06 May 2026
Modified
07 May 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 28.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-43575 is a critical-severity Missing Authorization (CWE-862) vulnerability in Openclaw Openclaw. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique VNC (T1021.005); ranked at the 28.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to VNC (T1021.005) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AC-1 Policy and Procedures
addresses: CWE-862

Requiring an access control policy ensures authorization checks are defined and applied for critical functions.

AC-13 Supervision and Review — Access Control
addresses: CWE-862

Reviews of access controls detect missing authorization checks on critical functions or resources.

AC-14 Permitted Actions Without Identification or Authentication
addresses: CWE-862

Documenting permitted unauthenticated actions prevents missing authorization by making all exceptions explicit and subject to organizational review.

AC-16 Security and Privacy Attributes
addresses: CWE-862

Requiring attribute association with information prevents authorization from being performed without necessary security or privacy context.

AC-17 Remote Access
addresses: CWE-862

Mandating authorization prior to allowing remote connections addresses missing authorization for remote access.

AC-18 Wireless Access
addresses: CWE-862

Mandating authorization before wireless connections are allowed prevents missing authorization for wireless access.

AC-19 Access Control for Mobile Devices
addresses: CWE-862

The control requires authorization before allowing mobile device connections, directly mitigating missing authorization for system access.

AC-2 Account Management
addresses: CWE-862

Requiring approvals for account creation and specifying authorizations ensures authorization is not missing for system access.

MITRE ATT&CK Enterprise TechniquesAI

T1021.005 VNC Lateral Movement
Adversaries may use [Valid Accounts](https://attack.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Auth bypass in public-facing noVNC helper directly enables unauthenticated VNC/remote session access (T1021.005) via exploitation of the web route (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive browser…

more

session.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-862

Affected Products

openclaw
openclaw
2026.2.21 — 2026.4.10

CVEs Like This One

CVE-2026-43580Same product: Openclaw Openclaw
CVE-2026-41394Same product: Openclaw Openclaw
CVE-2026-35660Same product: Openclaw Openclaw
CVE-2026-41378Same product: Openclaw Openclaw
CVE-2026-43573Same product: Openclaw Openclaw
CVE-2026-41352Same product: Openclaw Openclaw
CVE-2026-42439Same product: Openclaw Openclaw
CVE-2026-22172Same product: Openclaw Openclaw
CVE-2026-41349Same product: Openclaw Openclaw
CVE-2026-28446Same product: Openclaw Openclaw

References