CVE-2026-28476
Severity: High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Description
OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP requests to arbitrary hosts including internal addresses.
Analysis
OpenClaw versions before 2026.2.14 fail to validate base URLs in the Tlon Urbit extension, allowing attackers to trigger server-side request forgery attacks that direct the gateway to arbitrary hosts, including internal systems. This network-accessible vulnerability requires no authentication and can result in information disclosure and service disruption. …
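The description and analysis above both come down to one missing control: a base URL supplied by an operator (or by anyone who can influence the configuration) is used for outbound authentication requests without being checked. The following is an added example, not code from OpenClaw or the Tlon Urbit extension, of the kind of validation a gateway should apply before trusting such a URL. The function names, the allowlist parameter and the offline DNS table are assumptions made for this illustration; a real deployment would resolve hosts with the platform resolver and check every returned address.

```python
"""
Defensive base-URL validation for an outbound-request gateway.
Added example; not OpenClaw's or the Tlon Urbit extension's own code.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS table so the example runs offline. The public address is a
# made-up placeholder, not a real host. In production, use
# socket.getaddrinfo() and check *every* address it returns.
FAKE_DNS = {
    "ship.example.com": ["1.2.3.4"],           # constructed: public
    "internal.corp.local": ["10.0.0.5"],       # constructed: RFC 1918
    "metadata.example": ["169.254.169.254"],   # constructed: link-local
}


def resolve(host):
    """Hypothetical resolver hook: map a hostname to its addresses."""
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    try:
        ipaddress.ip_address(host)   # a literal IPv4/IPv6 address
        return [host]
    except ValueError:
        return []


def is_public_address(ip_str):
    """True only for addresses that are not in a special-purpose range."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_base_url(url, allowed_hosts=None):
    """Return (ok, reason). Reject anything that could steer the gateway
    toward loopback, private, link-local or otherwise internal targets."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.username or parts.password:
        return False, "credentials embedded in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host {host} is not in the allowlist"
    addrs = resolve(host)
    if not addrs:
        return False, f"cannot resolve {host}"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://ship.example.com/~/login",
                      "http://ship.example.com/",
                      "https://internal.corp.local/",
                      "https://metadata.example/",
                      "https://[::1]/"):
        print(candidate, "->", validate_base_url(candidate))
```

Two design points matter here. First, an operator allowlist (`allowed_hosts`) is the strongest control when the set of legitimate Urbit ships is known; the address-range check is the fallback for deployments that cannot enumerate them. Second, resolving a name once at validation time and then letting an HTTP client resolve it again at request time leaves a window for the answer to change, so the safest pattern is to connect to the address that passed validation rather than to the hostname.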
Remediation
Within 24 hours: Identify all OpenClaw deployments and determine which have the Tlon Urbit extension enabled. Within 7 days: Implement network segmentation to restrict OpenClaw's outbound access and deploy WAF rules to block suspicious base URL parameters; disable the Urbit extension if not business-critical. …
External POC / Exploit Code
GHSA-pg2v-8xwh-qhcc