Description
OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed during normal profile status operations.
Published: 2026-05-11
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions prior to 2026.4.20 contain a flaw that allows a malicious user to create browser CDP profiles which bypass the application’s strict‑mode Server‑Side Request Forgery policy. An attacker can store a profile that points to a private‑network or metadata endpoint; when the application later checks the status of that profile, it will automatically send a request to the attacker‑controlled URL. The result is that internal services or data can be accessed or exfiltrated, representing a classic Server‑Side Request Forgery weakness (CWE‑918).

Affected Systems

The affected vendor is OpenClaw, specifically the OpenClaw application. All releases before 2026.4.20 are vulnerable. The flaw is in the Node.js‑based code base and is fixed in the 2026.4.20 release by the identified commits.

Risk and Exploitability

The CVSS score of 2.3 indicates a low‑severity baseline. EPSS is not available and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited public exploitation. The attack vector is inferred to be the profile creation interface that accepts arbitrary URLs, which likely requires authenticated access. Once a malicious profile is stored, the application probes it automatically during normal status operations, so the vector is persistent: moderate feasibility, but a low initial impact rating.

Generated by OpenCVE AI on May 11, 2026 at 18:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.20 or later, which removes the flawed profile‑creation logic.
  • If an upgrade is not immediately possible, disable or restrict the ability to create custom CDP profiles, or modify the application to enforce strict‑mode SSRF checks on profile URLs.
  • Implement network segmentation or firewall rules that block outgoing requests from the OpenClaw application to internal or metadata endpoints, thereby limiting potential internal data exposure.


Advisories

No advisories yet.

History

Mon, 11 May 2026 19:15:00 +0000

Type      Values Removed   Values Added
Metrics   -                ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 17:30:00 +0000

Type                  Values Removed   Values Added
Description           -                OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed during normal profile status operations.
Title                 -                OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation
First Time appeared   -                Openclaw; Openclaw openclaw
Weaknesses            -                CWE-918
CPEs                  -                cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products    -                Openclaw; Openclaw openclaw
References            -                -
Metrics               -                cvssV3_1: {'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N'}
                                       cvssV4_0: {'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-11T18:25:44.210Z

Reserved: 2026-05-08T16:41:39.934Z

Link: CVE-2026-45000

Vulnrichment

Updated: 2026-05-11T18:25:39.995Z

NVD

Status: Awaiting Analysis

Published: 2026-05-11T18:16:40.087

Modified: 2026-05-12T14:20:56.547

Link: CVE-2026-45000

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T19:15:42Z

Weaknesses