4 matches found
CVE-2026-35673 OpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/Export Routes
OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should...
Duplicate Advisory: web_search citation redirect SSRF via private-network-allowing policy
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g99v-8hwm-g76g. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirec...
EUVD-2026-13017
OpenClaw versions prior to 2026.3.1 contain a server-side request forgery vulnerability in websearch citation redirect resolution that uses a private-network-allowing SSRF policy. An attacker who can influence citation redirect targets can trigger internal-network requests from the OpenClaw host ...
PT-2026-7281
Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 7.6.0 through 7.6.4 Description An authentication bypass issue exists in Fortinet FortiOS. This flaw may allow an unauthenticated attacker to bypass LDAP authentication for Agentless VPN or Fortinet Single Sign-On FSS...