Description
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should be blocked (loopback / private network / link-local metadata) to pass the SSRF guard. Version 2026.2.14 patches the issue.
Published: 2026-02-19
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: SSRF bypass
Action: Apply Patch
AI Analysis

Impact

OpenClaw’s SSRF protection could be bypassed by using full‑form IPv4‑mapped IPv6 literals, such as 0:0:0:0:0:ffff:7f00:1, which resolves to 127.0.0.1. This allows requests that should be blocked—loopback, private network, or link‑local metadata—to pass the guard. As a result, an attacker could coerce the application to access internal services, exposing sensitive data or enabling further exploitation. The weakness corresponds to CWE‑918 and the vulnerability is scored CVSS 7.5.
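The canonicalisation step such a guard needs, as an added example that is not OpenClaw's code: parse the host as an IP literal with Python's `ipaddress` module, unwrap any IPv4-mapped IPv6 spelling to the IPv4 address it carries, and only then test the ranges. A hypothetical string-prefix denylist is included for contrast, since it recognises the compressed mapped spelling but not the full-form literal named in the advisory.

```python
import ipaddress
from urllib.parse import urlsplit

def canonical_ip(host):
    """Parse host as an IP literal. Any IPv4-mapped IPv6 form (::ffff:a.b.c.d,
    ::ffff:7f00:1, 0:0:0:0:0:ffff:7f00:1) is unwrapped to the IPv4 address it
    carries, so later range checks see 127.0.0.1 rather than an IPv6 object.
    Returns None when host is a DNS name rather than a literal."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def is_internal(addr):
    """Address space an SSRF guard should refuse: loopback, private ranges,
    link-local (169.254.0.0/16 hosts cloud metadata endpoints), unspecified,
    multicast and reserved."""
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_unspecified or addr.is_multicast or addr.is_reserved)

def prefix_guard_blocks(host):
    """Hypothetical string-prefix denylist, the pattern to avoid: it knows the
    compressed mapped spelling but not the full-form one."""
    return host.startswith(("127.", "10.", "169.254.", "::1", "::ffff:127."))

def ssrf_guard(url):
    """Returns 'blocked', 'allowed' (public IP literal) or 'resolve' (DNS name:
    the caller must resolve it and apply is_internal() to every returned
    address at connect time, so DNS rebinding cannot slip past the check)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "blocked"
    addr = canonical_ip(parts.hostname)
    if addr is None:
        return "resolve"
    return "blocked" if is_internal(addr) else "allowed"

if __name__ == "__main__":
    # Constructed sample URLs; the third carries the literal from the advisory.
    for u in ("http://127.0.0.1/", "http://[::ffff:127.0.0.1]/",
              "http://[0:0:0:0:0:ffff:7f00:1]/", "http://[::ffff:a9fe:a9fe]/",
              "http://8.8.8.8/", "http://example.com/"):
        h = urlsplit(u).hostname
        print(f"{u:36} prefix-guard blocks={prefix_guard_blocks(h)!s:5} "
              f"hardened={ssrf_guard(u)}")
```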

Affected Systems

The affected product is OpenClaw releases prior to version 2026.2.14. The issue was fixed in release v2026.2.14, available from the OpenClaw GitHub repository.

Risk and Exploitability

The CVSS score of 7.5 indicates high risk, but the EPSS score of <1% suggests that exploit attempts are currently rare. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to supply the crafted IPv4‑mapped IPv6 address in a request that reaches the SSRF target endpoint; if they can influence such a request, they can exploit the bypass. The most likely attack vector is an externally triggered request to the OpenClaw instance, potentially via an exposed API or user interface that accepts URLs.

Generated by OpenCVE AI on April 17, 2026 at 17:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.14 or newer to apply the SSRF guard patch.
  • Restrict the OpenClaw process’s outbound network access to only the domains it needs, blocking private IP ranges and loopback addresses.
  • Monitor application logs for unusual outbound requests or attempted SSRF payloads, and review network traffic for internal resolution attempts.

Generated by OpenCVE AI on April 17, 2026 at 17:48 UTC.

Advisories

Source: GitHub GHSA
ID: GHSA-jrvc-8ff5-2f9f
Title: OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)

History

Mon, 23 Feb 2026 18:15:00 +0000

  • CPEs (values added): cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Fri, 20 Feb 2026 16:15:00 +0000

  • Metrics (values added): ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 10:15:00 +0000

  • First Time appeared (values added): Openclaw; Openclaw openclaw
  • Vendors & Products (values added): Openclaw; Openclaw openclaw

Thu, 19 Feb 2026 23:15:00 +0000

  • Description (values added): OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should be blocked (loopback / private network / link-local metadata) to pass the SSRF guard. Version 2026.2.14 patches the issue.
  • Title (values added): OpenClaw has a SSRF guard bypass via full-form IPv4-mapped IPv6 (loopback / metadata reachable)
  • Weaknesses (values added): CWE-918
  • References (values added): none shown
  • Metrics (values added): cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-20T15:40:05.566Z

Reserved: 2026-02-13T16:27:51.808Z

Link: CVE-2026-26324

Vulnrichment

Updated: 2026-02-20T15:31:54.524Z

NVD

Status: Analyzed

Published: 2026-02-19T23:16:25.653

Modified: 2026-02-23T18:13:45.107

Link: CVE-2026-26324

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:00:12Z

Weaknesses