Description
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19.
Published: 2026-02-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery via cron webhooks
Action: Patch
AI Analysis

Impact

In OpenClaw versions 2026.2.17 and older, the cron webhook delivery code calls fetch() directly without performing SSRF policy checks. This allows a webhook target to be directed at private, metadata, or internal endpoints that should be inaccessible from the application, potentially exposing internal services or sensitive data. The weakness is an SSRF flaw, classified as CWE‑918.

Affected Systems

The affected product is OpenClaw, provided by OpenClaw. Versions 2026.2.17 and earlier are vulnerable. The issue was fixed in release 2026.2.19. No other product variants are listed.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. The EPSS score is below 1 %, suggesting a low but non‑zero likelihood of exploitation, and the vulnerability is not currently listed in CISA’s Known Exploited Vulnerabilities catalog. Exploitation would require an attacker to influence the webhook configuration or trigger the cron job, allowing the application to issue unintended requests to internal resources. The lack of SSRF controls is the primary attack vector, and no additional preconditions are noted in the available information.

Generated by OpenCVE AI on April 17, 2026 at 16:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw version 2026.2.19 or later to receive the official SSRF fix.
  • If an upgrade is delayed, restrict cron webhook destinations by implementing a whitelist of approved URLs or by configuring a custom fetch helper that validates the target against an allowed list before sending the request.
  • Continuously monitor application logs for unexpected outbound HTTP requests originating from cron webhook processing to detect potential misconfigurations or attempted exploitation.

Generated by OpenCVE AI on April 17, 2026 at 16:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-w45g-5746-x9fp OpenClaw hardened cron webhook delivery against SSRF
History

Thu, 26 Feb 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Openclaw
Openclaw openclaw
Vendors & Products Openclaw
Openclaw openclaw

Sat, 21 Feb 2026 10:00:00 +0000

Type Values Removed Values Added
Description OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal endpoints without SSRF policy checks. This issue was fixed in version 2026.2.19.
Title OpenClaw hardened cron webhook delivery against SSRF
Weaknesses CWE-918
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-24T18:12:40.027Z

Reserved: 2026-02-19T19:46:03.541Z

Link: CVE-2026-27488

cve-icon Vulnrichment

Updated: 2026-02-24T18:12:34.020Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-21T10:16:13.267

Modified: 2026-02-23T20:41:07.240

Link: CVE-2026-27488

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T17:00:10Z

Weaknesses