6 matches found
CVE-2026-41361
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...
PT-2026-34792
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...
Server-side Request Forgery (SSRF)
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper handling of IPv6 special-use address ranges in the src/shared/net/ip.ts and src/infra/net/ssrf. components. An attacker can access internal o...
Provisioning Services with multiple non routable streaming networks
Using Provisioning Services with multiple non-routable streaming networks may result in target devices failing to fully boot. A simple example of how customers may have multiple PVS servers added to each network is described below. Example single PVS server farm: the PVS server has three network...
Unable to Bind Provisioning Services TFTP Service to Multiple NICs
Target devices on different non-routable VLANs are unable to connect to the Provisioning Services (PVS) server that has a NIC bound to each of the non-routable VLANs...
Private IP Address Disclosure
Private, or non-routable, IP addresses are generally used within a home or company network and are typically unknown to anyone outside of that network. Cyber-criminals will attempt to identify the private IP address range being used by their victim, to aid in collecting further information that...