
14 matches found

Vulnrichment
added 2026/06/10 8:27 p.m., 8 views

CVE-2026-50131 Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...

CVSS: 8.6, AI score: 5.4, EPSS: 0.00269
Exploits: 0, References: 1
CVE
added 2026/06/10 8:27 p.m., 16 views

CVE-2026-50131

Fedify (TypeScript federated server framework) has an incomplete SSRF mitigation in validatePublicUrl(): isValidPublicIPv4Address() blocks common private/local ranges but still treats several special-use, reserved, multicast, benchmarking, and carrier-grade NAT IPv4 ranges as valid. This exposes ...

CVSS: 8.6, AI score: 5.4, EPSS: 0.00269
Exploits: 0, References: 1
EUVD
added 2026/04/24 12:31 a.m., 5 views

EUVD-2026-25345

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00202
Exploits: 0, References: 3
NVD
added 2026/04/23 10:16 p.m., 8 views

CVE-2026-41361

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

CVSS: 7.1, EPSS: 0.00202
Exploits: 0, References: 2
Cvelist
added 2026/04/23 9:58 p.m., 32 views

CVE-2026-41361 OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

CVSS: 7.1, EPSS: 0.00202
Exploits: 0, References: 2
Vulnrichment
added 2026/04/23 9:58 p.m., 4 views

CVE-2026-41361 OpenClaw < 2026.3.28 - SSRF Guard Bypass via IPv6 Special-Use Ranges

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

CVSS: 7.1, AI score: 5.2, EPSS: 0.00202
Exploits: 0, References: 2
Github Security Blog
added 2026/03/31 11:58 p.m., 10 views

OpenClaw SSRF guard misses four IPv6 special-use ranges

Summary The SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed. Impact An attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard. Affected Component...

AI score: 5.9
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/03/31 11:58 p.m., 1 view

GHSA-G86V-F9QV-RH6M OpenClaw SSRF guard misses four IPv6 special-use ranges

Summary The SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed. Impact An attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard. Affected Component...

CVSS: 3.1, AI score: 5.9
Exploits: 0, References: 3
Cvelist
added 2026/03/19 10:06 p.m., 19 views

CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

CVSS: 7.4, EPSS: 0.00206
Exploits: 0, References: 6
Vulnrichment
added 2026/03/19 10:06 p.m., 4 views

CVE-2026-32019 OpenClaw < 2026.2.22 - Incomplete IPv4 Special-Use Range Blocking in SSRF Guard

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

CVSS: 7.4, AI score: 5.8, EPSS: 0.00206
Exploits: 0, References: 6
EUVD
added 2026/03/19 10:06 p.m., 9 views

EUVD-2026-13286

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

CVSS: 6, AI score: 5.8, EPSS: 0.00206
Exploits: 0, References: 6
ATTACKERKB
added 2026/03/19 10:06 p.m., 3 views

CVE-2026-32019

OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4 function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit webfetch functionality to acce...

CVSS: 6, AI score: 5.8, EPSS: 0.00206
Exploits: 0, References: 7
Github Security Blog
added 2026/03/04 7:03 p.m., 8 views

OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard

Summary isPrivateIpv4 in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, so webfetch could allow targets that should be blocked by SSRF policy. Affected Packages / Versions - Package: openclaw npm - Latest published affected version: 2026.2.21-2 published 2026-02-21 -...

CVSS: 7.4, AI score: 6, EPSS: 0.00206
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2026/03/04 7:03 p.m., 3 views

GHSA-4RQQ-W8V4-7P47 OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard

Summary isPrivateIpv4 in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, so webfetch could allow targets that should be blocked by SSRF policy. Affected Packages / Versions - Package: openclaw npm - Latest published affected version: 2026.2.21-2 published 2026-02-21 -...

CVSS: 6.9, AI score: 6, EPSS: 0.00206
Exploits: 0, References: 8
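Every entry above describes the same failure mode: an SSRF guard that blocks the RFC 1918 ranges, loopback and link-local, but treats the rest of the IANA special-purpose space (shared/CGNAT, benchmarking, multicast, reserved, documentation, and the IPv6 equivalents) as public. The block below is an added example written for this listing; it is not code from Fedify, OpenClaw or any advisory above. It puts a naive five-range check (naiveIsPublicIPv4) next to a classifier driven by the special-purpose registries (isPublicAddress), and classifies IPv6 literals that embed an IPv4 address (IPv4-mapped, NAT64, 6to4) by the embedded IPv4 value, since ::ffff:127.0.0.1 is the standard way around an IPv4-only blocklist. All function and table names are this example's own; the range tables are taken from the RFCs cited in the comments.

```typescript
// Added example, not Fedify's or OpenClaw's code. Range tables follow the IANA
// special-purpose address registries (RFC 6890 and the RFCs cited per line).
type Cidr = [string, number];

/** Canonical dotted-quad IPv4 to an unsigned 32-bit integer, else null. */
function parseIPv4(s: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  let n = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = Number(m[i]);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

function inCidr4(addr: number, base: string, bits: number): boolean {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((addr & mask) >>> 0) === ((parseIPv4(base)! & mask) >>> 0);
}

/** IPv6 text to eight 16-bit groups; handles "::" and a trailing dotted quad. */
function parseIPv6(s: string): number[] | null {
  if (s.includes(".")) {                       // e.g. ::ffff:10.0.0.1
    const cut = s.lastIndexOf(":");
    const v4 = parseIPv4(s.slice(cut + 1));
    if (v4 === null) return null;
    s = `${s.slice(0, cut + 1)}${(v4 >>> 16).toString(16)}:${(v4 & 0xffff).toString(16)}`;
  }
  const halves = s.split("::");
  if (halves.length > 2) return null;
  const groups = (part: string): number[] | null => {
    if (part === "") return [];
    const out: number[] = [];
    for (const g of part.split(":")) {
      if (!/^[0-9a-fA-F]{1,4}$/.test(g)) return null;
      out.push(parseInt(g, 16));
    }
    return out;
  };
  const head = groups(halves[0]);
  const tail = halves.length === 2 ? groups(halves[1]) : [];
  if (!head || !tail) return null;
  const zeros = 8 - head.length - tail.length;
  if (halves.length === 2 ? zeros < 1 : zeros !== 0) return null;
  return [...head, ...new Array<number>(zeros).fill(0), ...tail];
}

function inCidr6(addr: number[], base: string, bits: number): boolean {
  const b = parseIPv6(base)!;
  for (let i = 0; i < 8; i++) {
    const remaining = bits - 16 * i;
    if (remaining <= 0) return true;
    const mask = remaining >= 16 ? 0xffff : (0xffff << (16 - remaining)) & 0xffff;
    if ((addr[i] & mask) !== (b[i] & mask)) return false;
  }
  return true;
}

// What an incomplete guard typically ships: RFC 1918, loopback, link-local.
const NAIVE_PRIVATE_V4: Cidr[] = [["10.0.0.0", 8], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16]];

const SPECIAL_USE_V4: Cidr[] = [
  ["0.0.0.0", 8],        // "this network" (RFC 791)
  ["10.0.0.0", 8],       // private (RFC 1918)
  ["100.64.0.0", 10],    // shared address space / carrier-grade NAT (RFC 6598)
  ["127.0.0.0", 8],      // loopback
  ["169.254.0.0", 16],   // link-local (RFC 3927)
  ["172.16.0.0", 12],    // private (RFC 1918)
  ["192.0.0.0", 24],     // IETF protocol assignments (RFC 6890)
  ["192.0.2.0", 24],     // TEST-NET-1 (RFC 5737)
  ["192.88.99.0", 24],   // former 6to4 relay anycast (RFC 7526)
  ["192.168.0.0", 16],   // private (RFC 1918)
  ["198.18.0.0", 15],    // benchmarking (RFC 2544)
  ["198.51.100.0", 24],  // TEST-NET-2 (RFC 5737)
  ["203.0.113.0", 24],   // TEST-NET-3 (RFC 5737)
  ["224.0.0.0", 4],      // multicast
  ["240.0.0.0", 4],      // reserved, includes 255.255.255.255 broadcast
];

// Prefixes embedding an IPv4 address (::ffff:0:0/96, 64:ff9b::/96, 2002::/16)
// are resolved to that IPv4 address in isPublicAddress instead of listed here.
const SPECIAL_USE_V6: Cidr[] = [
  ["::", 128],           // unspecified
  ["::1", 128],          // loopback
  ["64:ff9b:1::", 48],   // local-use IPv4/IPv6 translation (RFC 8215)
  ["100::", 64],         // discard-only (RFC 6666)
  ["2001::", 32],        // Teredo (RFC 4380), blocked conservatively
  ["2001:2::", 48],      // benchmarking (RFC 5180)
  ["2001:db8::", 32],    // documentation (RFC 3849)
  ["3fff::", 20],        // documentation (RFC 9637)
  ["fc00::", 7],         // unique local (RFC 4193)
  ["fe80::", 10],        // link-local (RFC 4291)
  ["fec0::", 10],        // deprecated site-local (RFC 3879)
  ["ff00::", 8],         // multicast
];

function embeddedV4(hi: number, lo: number): string {
  return `${hi >> 8}.${hi & 0xff}.${lo >> 8}.${lo & 0xff}`;
}

/** The incomplete check: anything outside the five well-known ranges passes. */
function naiveIsPublicIPv4(addr: string): boolean {
  const v4 = parseIPv4(addr);
  return v4 !== null && !NAIVE_PRIVATE_V4.some(([b, n]) => inCidr4(v4, b, n));
}

/** Hardened check: true only for a globally reachable literal; fails closed. */
function isPublicAddress(addr: string): boolean {
  const v4 = parseIPv4(addr);
  if (v4 !== null) return !SPECIAL_USE_V4.some(([b, n]) => inCidr4(v4, b, n));
  const v6 = parseIPv6(addr);
  if (v6 === null) return false;             // hostname or garbage: not a literal
  if (inCidr6(v6, "::ffff:0:0", 96) || inCidr6(v6, "64:ff9b::", 96)) {
    return isPublicAddress(embeddedV4(v6[6], v6[7]));   // IPv4-mapped / NAT64
  }
  if (inCidr6(v6, "2002::", 16)) return isPublicAddress(embeddedV4(v6[1], v6[2])); // 6to4
  return !SPECIAL_USE_V6.some(([b, n]) => inCidr6(v6, b, n));
}
```

Usage note: the classifier only decides for literals, so a guard built on it has to run it on the hostname after URL canonicalization (new URL() turns "127.1" into "127.0.0.1" but leaves IPv6 hosts bracketed, so strip the brackets first) and on every address the resolver returns, and then connect to the address that was checked rather than resolving a second time, or a rebinding answer defeats the check. The naive table is kept in the block only to make the gap visible: naiveIsPublicIPv4("100.64.0.1"), naiveIsPublicIPv4("198.18.0.1") and naiveIsPublicIPv4("224.0.0.1") all return true, while isPublicAddress returns false for each.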