CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources.
Analysis
Server-side request forgery (SSRF) in OpenClaw before version 2026.3.25 allows authenticated attackers to bypass configured endpoint protections through unguarded fetch() calls in channel extensions, enabling rebinding of requests to internal resources and potential unauthorized access to restricted services. The vulnerability affects multiple channel extensions that fail to properly validate or restrict base URL usage, with a CVSS score of 5.3 reflecting moderate risk due to required authentication and limited initial impact scope.
EUVD-2026-21116
GHSA-8j7f-g9gv-7jhc