Openclaw
CVE-2026-32019
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range validation in the isPrivateIpv4() function, allowing requests to RFC-reserved ranges to bypass SSRF policy checks. Attackers with network reachability to special-use IPv4 ranges can exploit web_fetch functionality to access blocked addresses such as 198.18.0.0/15 and other non-global ranges.
AnalysisAI
OpenClaw versions prior to 2026.2.22 contain incomplete validation of IPv4 special-use ranges in the isPrivateIpv4() function, allowing attackers to bypass Server-Side Request Forgery (SSRF) policy checks and access RFC-reserved address ranges that should be blocked. An authenticated attacker with network reachability to special-use IPv4 ranges such as 198.18.0.0/15 can exploit the web_fetch functionality to access blocked internal addresses, resulting in information disclosure and potential lateral movement. The vulnerability has been patched and security advisories are available from the OpenClaw project.
Technical ContextAI
This vulnerability affects OpenClaw's SSRF mitigation layer, specifically the isPrivateIpv4() function which is responsible for validating whether IP addresses fall within RFC-designated special-use ranges that should not be accessible via web requests. The root cause is classified under CWE-918 (Server-Side Request Forgery), which occurs when an application fails to properly validate and restrict user-controllable URLs before making network requests. OpenClaw's incomplete range validation means that certain RFC-reserved IPv4 blocks including 198.18.0.0/15 (TEST-NET-2) and other non-globally-routable ranges are not properly identified as restricted, allowing them to pass through SSRF guards. The web_fetch functionality then proceeds to make requests to these supposedly-protected ranges, enabling unauthorized access to internal network resources. The fix requires comprehensive enumeration of all IPv4 special-use ranges as defined in RFC 5735 and RFC 6598.
RemediationAI
Upgrade OpenClaw to version 2026.2.22 or later immediately, as multiple patch commits have been merged to address the isPrivateIpv4() validation gaps. Consult the official GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-4rqq-w8v4-7p47 for detailed upgrade instructions and confirmation of patches in your release branch. As a temporary mitigation while patching is in progress, restrict network egress from OpenClaw instances to explicitly allow only necessary external destinations, implement IP filtering at the network perimeter to block requests destined for RFC-reserved ranges (198.18.0.0/15, 169.254.0.0/16, 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and others), and consider disabling the web_fetch functionality entirely if not essential for operations. Additionally, audit access logs to identify any exploitation attempts against special-use ranges.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-4rqq-w8v4-7p47