CVE-2026-28476
OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP...
CVE-2026-28476 OpenClaw < 2026.2.14 - Server-Side Request Forgery in Tlon Extension Authentication
OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP...
EUVD-2026-9922
OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP...
OpenClaw code issue vulnerability
OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw prior to 2026.2.14 had code vulnerabilities. These vulnerabilities stemmed from the optional Tlon Urbit extension, which had issues with server-side request forgery attacks. The extension accepted basic URLs for...
OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication
Summary: The optional Tlon Urbit extension previously accepted a user-provided base URL for authentication and used it to construct an outbound HTTP request, enabling server-side request forgery (SSRF) in affected deployments. Impact: This only affects deployments that have installed and configured t...
GHSA-PG2V-8XWH-QHCC OpenClaw affected by SSRF in optional Tlon (Urbit) extension authentication
Summary: The optional Tlon Urbit extension previously accepted a user-provided base URL for authentication and used it to construct an outbound HTTP request, enabling server-side request forgery (SSRF) in affected deployments. Impact: This only affects deployments that have installed and configured t...
PT-2026-23551
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: The optional Tlon Urbit extension does not properly validate user-provided base URLs for authentication, leading to a server-side request forgery (SSRF). This allows attackers who can influence th...