Lucene search
K

89765 matches found

Snyk
Snyk
added 2026/05/05 1:35 p.m.6 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the QQBot reply media URL handling process. An attacker can access internal resources and exfiltrate sensitive information by supplying crafted media...

9.3CVSS5.8AI score0.00251EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 1:35 p.m.7 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the browser-driven request process. An attacker can access internal services or metadata endpoints by sending crafted requests to private network...

7.7CVSS5.8AI score0.0028EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 1:35 p.m.8 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the tabs/action endpoint in browser tab action routes. An attacker can gain unauthorized access to restricted resources by sending crafted requests that bypass...

8.5CVSS5.8AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 12:16 p.m.10 views

CVE-2026-43573

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

7.7CVSS0.00253EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 12:16 p.m.14 views

CVE-2026-42439

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operation...

8.5CVSS0.00242EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 12:16 p.m.12 views

CVE-2026-43526

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

9.3CVSS0.00251EPSS
Exploits0References4
CVE
CVE
added 2026/05/05 11:25 a.m.15 views

CVE-2026-43573

CVE-2026-43573 affects OpenClaw prior to 2026.4.10. It describes a server-side request forgery (SSRF) policy bypass in existing-session browser interaction routes, allowing attackers to bypass navigation guards and interact with or navigate to unauthorized targets without policy enforcement. Impa...

7.7CVSS5.8AI score0.00253EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:25 a.m.7 views

CVE-2026-43573

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

7.7CVSS5.8AI score0.00253EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 11:25 a.m.33 views

CVE-2026-43573 OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

7.7CVSS0.00253EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 11:25 a.m.6 views

EUVD-2026-27297

OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement...

7.7CVSS5.8AI score0.00253EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.4 views

CVE-2026-43527

OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests...

7.7CVSS5.8AI score0.0028EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.10 views

CVE-2026-43527 OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation

OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests...

7.7CVSS5.8AI score0.0028EPSS
Exploits0References6
CVE
CVE
added 2026/05/05 11:24 a.m.15 views

CVE-2026-43527

OpenClaw is affected by CVE-2026-43527: before 2026.4.14, a server-side request forgery in the browser SSRF policy allows private-network navigation by default, enabling browser-driven requests to internal services or metadata endpoints. Impact is confined to what the vendor notes; exploitability...

7.7CVSS5.8AI score0.0028EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/05 11:24 a.m.6 views

EUVD-2026-27263

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

8.3CVSS5.9AI score0.00251EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:24 a.m.3 views

CVE-2026-43526

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

8.3CVSS5.9AI score0.00251EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/05 11:24 a.m.5 views

EUVD-2026-27265

OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests...

7.7CVSS5.8AI score0.0028EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.35 views

CVE-2026-43527 OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation

OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests...

7.7CVSS0.0028EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.37 views

CVE-2026-43526 OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

8.3CVSS0.00251EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.5 views

CVE-2026-43526 OpenClaw < 2026.4.12 - Server-Side Request Forgery via QQBot Reply Media URL Handling

OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded...

8.3CVSS5.9AI score0.00251EPSS
Exploits0References4
CVE
CVE
added 2026/05/05 11:24 a.m.20 views

CVE-2026-42439

OpenClaw prior to 2026.4.10 contains a server-side request forgery policy bypass in the browser tabs action routes (/tabs/action). This allows bypassing configured SSRF protections to perform unauthorized tab navigation operations. Affected: OpenClaw; vulnerability likely affects the browser tabs...

8.5CVSS5.8AI score0.00242EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder