Impact
OpenClaw versions before 2026.2.14 contain a server‑side request forgery flaw in the optional Tlon Urbit extension. The gateway accepts a user‑controlled base URL for authentication without validating that it points to a legitimate destination. An attacker who can influence the configured Urbit URL can cause the server to issue HTTP requests to arbitrary hosts, including internal network addresses, exposing internal data and potentially enabling further exploitation. The weakness is classified as CWE‑918 (Server‑Side Request Forgery), a classic input‑validation failure: because the destination is never checked, the server makes outbound HTTP calls from its own network position and so bypasses the access controls that would normally apply to those hosts.
Affected Systems
Any installation of OpenClaw that has the Tlon Urbit extension enabled and is running a version prior to 2026.2.14 is impacted. The vulnerability applies to all deployments where the base Urbit URL can be influenced by an external user or attacker. No specific third‑party integrations are mentioned beyond the Tlon component.
Risk and Exploitability
The CVSS base score of 6.3 indicates medium severity. The EPSS score of less than 1% indicates a very low current probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is nonetheless inferred to require that the attacker modify the configured Urbit URL or otherwise influence the authentication process, which could be feasible in environments where the configuration is exposed or improperly secured. Once exploited, the attacker can retrieve or manipulate data on internal hosts that the gateway is permitted to contact.
OpenCVE Enrichment
Github GHSA