Description
OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections to arbitrary hosts and perform SSRF-style attacks.
Published: 2026-05-06
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before 2026.4.5 contains a server-side request forgery flaw in the CDP /json/version WebSocket endpoint. The webSocketDebuggerUrl response field is not validated, permitting an attacker to redirect the WebSocket connection to an arbitrary host and carry out server-side request forgery in a second hop. This vulnerability can lead to confidential data exposure, manipulation of internal resources, or further compromise of downstream services, as reflected in the assigned weakness classifications CWE-601 (open redirect) and CWE-918 (SSRF).

Affected Systems

The vulnerability affects the OpenClaw application distributed by OpenClaw. All releases prior to version 2026.4.5 are impacted. No other product versions are known to be affected.

Risk and Exploitability

The CVSS base score of 4.9 indicates moderate impact; the EPSS score is not available, so current likelihood is unknown. The vulnerability is not listed in the CISA KEV catalog. Attackers would typically target the CDP /json/version endpoint from within the same network or through a compromised client to redirect the debugger connection to a chosen second-hop host. Successful exploitation requires the ability to receive the WebSocket response and then process the redirected URL, which is feasible for unauthenticated or low-privilege users once the endpoint is exposed.

Generated by OpenCVE AI on May 6, 2026 at 21:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.5 or newer.
  • Disable or restrict access to the CDP /json/version WebSocket endpoint for untrusted clients.
  • Configure network controls, such as firewalls or ACLs, to block outgoing connections initiated by the debugger to internal or external hosts, limiting SSRF risk.
  • Implement host validation for the webSocketDebuggerUrl field, allowing only whitelisted destinations.
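The last recommended action, pinning the webSocketDebuggerUrl target, is the one that removes the second hop. The following is an added example of such a check and is not OpenClaw's own code; it assumes a client that fetched a CDP /json/version endpoint (the standard Chrome DevTools Protocol discovery endpoint, whose JSON body carries a webSocketDebuggerUrl field) and only accepts a debugger URL whose scheme is ws/wss and whose host:port is either the host:port it actually queried or an explicit allowlist entry. The sample responses are constructed for the example.

```javascript
// Added example (not OpenClaw code): validate the webSocketDebuggerUrl field
// of a CDP /json/version response before opening a WebSocket to it. The target
// is pinned to the host:port the client queried (or an explicit allowlist), so
// a relayed or spoofed /json/version body cannot redirect the debugger
// connection to an arbitrary second-hop host.

const ALLOWED_WS_PROTOCOLS = new Set(["ws:", "wss:"]);

// URL.port is "" for a scheme's default port, so map it back explicitly
// before comparing host:port strings.
function defaultPort(protocol) {
  switch (protocol) {
    case "http:":
    case "ws:":
      return "80";
    case "https:":
    case "wss:":
      return "443";
    default:
      return "";
  }
}

function hostPort(u) {
  return `${u.hostname}:${u.port || defaultPort(u.protocol)}`;
}

/**
 * Returns the validated webSocketDebuggerUrl as a string, or throws.
 * @param {string} versionEndpoint URL of the /json/version endpoint that was queried
 * @param {object} versionResponse parsed JSON body of that response
 * @param {string[]} [allowlist]   optional extra "host:port" targets that are acceptable
 */
function validateDebuggerUrl(versionEndpoint, versionResponse, allowlist = []) {
  const expected = new URL(versionEndpoint);
  const raw = versionResponse && versionResponse.webSocketDebuggerUrl;
  if (typeof raw !== "string" || raw.length === 0) {
    throw new Error("missing webSocketDebuggerUrl");
  }
  let target;
  try {
    target = new URL(raw); // rejects relative or malformed values
  } catch {
    throw new Error("webSocketDebuggerUrl is not an absolute URL");
  }
  if (!ALLOWED_WS_PROTOCOLS.has(target.protocol)) {
    throw new Error(`unexpected scheme ${target.protocol}`);
  }
  // A CDP debugger URL never carries credentials; treat them as tampering.
  if (target.username || target.password) {
    throw new Error("credentials in webSocketDebuggerUrl");
  }
  const allowed = new Set([hostPort(expected), ...allowlist]);
  if (!allowed.has(hostPort(target))) {
    throw new Error(
      `webSocketDebuggerUrl points at ${hostPort(target)}, expected one of ${[...allowed].join(", ")}`
    );
  }
  return target.toString();
}

// Boolean form for callers that log and skip rather than abort.
function isSafeDebuggerUrl(versionEndpoint, versionResponse, allowlist = []) {
  try {
    validateDebuggerUrl(versionEndpoint, versionResponse, allowlist);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample responses (not captured from any real system).
const VERSION_ENDPOINT = "http://127.0.0.1:9222/json/version";
const SAMPLE_OK = {
  Browser: "Example/0.0",
  webSocketDebuggerUrl: "ws://127.0.0.1:9222/devtools/browser/0000-constructed",
};
const SAMPLE_REDIRECTED = {
  Browser: "Example/0.0",
  webSocketDebuggerUrl: "ws://internal-service.example:8080/devtools/browser/0000-constructed",
};

module.exports = { validateDebuggerUrl, isSafeDebuggerUrl, VERSION_ENDPOINT, SAMPLE_OK, SAMPLE_REDIRECTED };
```

Comparing hostname and port rather than the raw host string matters because URL.host drops a default port, so "ws://h/" and "ws://h:80/" would otherwise look different; the allowlist is the place to add a deliberately separate debugger host if a deployment needs one.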

Generated by OpenCVE AI on May 6, 2026 at 21:36 UTC.

Advisories

No advisories yet.

History

Thu, 07 May 2026 13:15:00 +0000

Type     Values Removed   Values Added
Metrics  (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 20:15:00 +0000

Type                 Values Removed   Values Added
Description          (none)           OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections to arbitrary hosts and perform SSRF-style attacks.
Title                (none)           OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL
First Time appeared  (none)           Openclaw; Openclaw openclaw
Weaknesses           (none)           CWE-601; CWE-918
CPEs                 (none)           cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products   (none)           Openclaw; Openclaw openclaw
References           (none)           (none)
Metrics              (none)           cvssV3_1: {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}
                                      cvssV4_0: {'score': 4.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-07T12:30:31.282Z

Reserved: 2026-05-01T17:00:54.536Z

Link: CVE-2026-43576

Vulnrichment

Updated: 2026-05-07T12:30:26.954Z

NVD

Status: Analyzed

Published: 2026-05-06T20:16:33.240

Modified: 2026-05-07T17:04:04.453

Link: CVE-2026-43576

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T22:30:13Z

Weaknesses