CVE-2026-62214
OpenClaw Bot Framework (versions before 2026.5.28) contains an input validation flaw in serviceUrl parameters that enables SSRF-style access by lower-trust callers. This misvalidation can allow retrieval of bot tokens and credentials by supplying malicious serviceUrl values through configured inp...