17 matches found
EUVD-2026-25345
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...
CVE-2026-41361
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...
CVE-2026-41361 OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...
CVE-2026-41361 OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...
CVE-2026-41361
OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...
CVE-2026-41361
OpenClaw is affected by a SSRF guard bypass vulnerability prior to version 2026.3.28, where four IPv6 special-use ranges are not blocked. Attackers could craft URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections. The CVE details indicate a NETWORK-style issue with me...
GHSA-G86V-F9QV-RH6M OpenClaw SSRF guard misses four IPv6 special-use ranges
Summary The SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed. Impact An attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard. Affected Component...
OpenClaw SSRF guard misses four IPv6 special-use ranges
Summary The SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed. Impact An attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard. Affected Component...
CVE-2026-32019
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
CVE-2026-32019
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
CVE-2026-32019
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
EUVD-2026-13286
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...
OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard
Summary isPrivateIpv4 in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, so webfetch could allow targets that should be blocked by SSRF policy. Affected Packages / Versions - Package: openclaw npm - Latest published affected version: 2026.2.21-2 published 2026-02-21 -...
GHSA-4RQQ-W8V4-7P47 OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard
Summary isPrivateIpv4 in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, so webfetch could allow targets that should be blocked by SSRF policy. Affected Packages / Versions - Package: openclaw npm - Latest published affected version: 2026.2.21-2 published 2026-02-21 -...
PT-2026-26400
Summary isPrivateIpv4 in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, so web fetch could allow targets that should be blocked by SSRF policy. Affected Packages / Versions - Package: openclaw npm - Latest published affected version: 2026.2.21-2 published 2026-02-21 -...