Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhfg-j8jq-7v2h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fa...

GHSA-8J7F-G9GV-7JHC Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhfg-j8jq-7v2h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fa...

EUVD-2026-21116

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

CVE-2026-35629

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

CVE-2026-35629 OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

CVE-2026-35629

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

CVE-2026-35629 OpenClaw < 2026.3.25 - Server-Side Request Forgery via Unguarded Configured Base URLs in Channel Extensions

OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch calls against configured endpoints to rebind requests to blocked internal...

CVE-2026-35629

CVE-2026-35629 affects OpenClaw before version 2026.3.25. The issue is SSRF via unguarded configured base URLs in multiple channel extensions, where unprotected fetch() calls can rebinding requests to blocked internal destinations and access restricted resources. Impact per sources is limited to ...

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 had code vulnerabilities. These vulnerabilities stemmed from insufficient protection configurations for multiple channel extensions, which could lead to server-side request...

PT-2026-31765

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.25 Description OpenClaw versions prior to 2026.3.25 contain a server-side request forgery vulnerability in multiple channel extensions. The issue arises from a failure to properly guard configured base URLs...

OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Sandbox Media Root Bypass via Unnormalized mediaUrl / fileUrl Parameter Keys CWE-22 Description: Summary A path traversal vulnerability in the agent sandbox enforcement allows a sandboxed agent to read arbitrary...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch process in multiple channel extensions when outbound requests are made to configured base URLs without proper validation. An attacker can...

Server-side Request Forgery (SSRF)

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch process in multiple channel extensions when outbound requests are made to configured base URLs without proper validatio...

Server-side Request Forgery (SSRF)

Overview @openclaw/bluebubbles is an OpenClaw BlueBubbles channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch process in multiple channel extensions when outbound requests are made to configured base URLs without proper validation. An...

OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)

Summary SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions Incomplete Fix for CVE-2026-28476 Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24...