Description
OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.
Published: 2026-05-05
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before 2026.4.14 has a server‑side request forgery flaw caused by a misconfigured browser SSRF policy that permits navigation to private‑network resources. The flaw can allow an attacker to access internal services or metadata endpoints, potentially exposing sensitive information. This weakness maps to CWE‑1188 and CWE‑918.

Affected Systems

The vulnerability affects OpenClaw installations running versions prior to 2026.4.14, operating on a Node.js environment.

Risk and Exploitability

The CVSS score of 6.3 indicates a moderate severity. The EPSS score is not available, so the current exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a browser that follows the default SSRF policy, enabling an attacker to trick the server into making requests to internal or metadata endpoints.

Generated by OpenCVE AI on May 5, 2026 at 12:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.14 or later, which removes the default private‑network navigation setting.
  • If an upgrade is not immediately possible, modify the browser SSRF policy configuration to disallow private‑network requests.
  • Segment internal services from the server’s network or implement network isolation to limit the impact of any potential SSRF exploitation.

Generated by OpenCVE AI on May 5, 2026 at 12:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-53vx-pmqw-863c OpenClaw: Browser SSRF policy default allowed private-network navigation
History

Tue, 05 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.
Title OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-1188
CWE-918
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T11:24:58.766Z

Reserved: 2026-05-01T16:56:19.947Z

Link: CVE-2026-43527

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-05T12:16:18.777

Modified: 2026-05-05T12:16:18.777

Link: CVE-2026-43527

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T13:00:06Z

Weaknesses