Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 1 npm packages depend on openclaw (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.4.5.
DescriptionCVE.org
OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections to arbitrary hosts and perform SSRF-style attacks.
AnalysisAI
Server-side request forgery via unvalidated WebSocket URL in OpenClaw before 2026.4.5 allows authenticated attackers to pivot connections to arbitrary hosts through the Chrome DevTools Protocol (CDP) /json/version endpoint. The webSocketDebuggerUrl response field lacks validation, enabling second-hop SSRF attacks where an attacker can redirect browser profile connections to untrusted targets on internal or external networks. No public exploit code identified at time of analysis, but the vulnerability is straightforward to trigger once authenticated to the CDP endpoint.
Technical ContextAI
OpenClaw is a browser automation framework that uses Chrome DevTools Protocol (CDP) to control browser instances. The vulnerability exists in the CDP endpoint handler at /json/version, which returns a webSocketDebuggerUrl field. This field is parsed and used to establish WebSocket connections to the debugging interface. The root cause (CWE-601: URL Redirection to Untrusted Site) stems from insufficient validation of the webSocketDebuggerUrl value before the client application attempts to connect. The attacker can craft a malicious CDP response containing a webSocketDebuggerUrl pointing to an internal IP address (e.g., 169.254.169.254 AWS metadata endpoint or 127.0.0.1 internal services) or external attacker-controlled host. The fix implements endpoint validation using a strict SSRF policy that compares both the initial CDP URL and any discovered secondary endpoints against a whitelist of allowed hostnames, blocking cross-host pivots and direct WebSocket targets to restricted networks.
RemediationAI
Upgrade OpenClaw to version 2026.4.5 or later (recommend 2026.4.14 or newer from npm). For npm users, run 'npm install openclaw@^2026.4.5' to update. The fix is available in commit bc356cc8c2beaa747c71dd86cceab8f804699665 and PR #60469 (https://github.com/openclaw/openclaw/pull/60469). No workarounds are available for older versions; patching is the required remediation. If immediate upgrade is not possible, restrict network access to the CDP endpoint to only trusted, authenticated clients and monitor outbound connections from OpenClaw for unexpected SSRF pivots to internal IPs (169.254.169.254, 127.0.0.1, or private RFC 1918 ranges). See the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-f7fh-qg34-x2xh for additional details.
More in Open Redirect
View allA malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL ca
GFI Kerio Control versions 9.2.5 through 9.4.5 contain an HTTP response splitting vulnerability in the dest parameter of
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 b
Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (li
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3
Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for
Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. Rated crit
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28164