OpenClaw SSRF Protection Bypass Vulnerability
Vulnerability
A vulnerability in OpenClaw's SSRF (Server-Side Request Forgery) protection allows bypassing the guard against loopback, private network, and link-local metadata requests. This issue affects OpenClaw versions through 2026.2.13. The vulnerability arises from the SSRF guard's failure to consistently classify private IPv4 addresses when represented as full-form IPv4-mapped IPv6 literals, such as '0:0:0:0:0:ffff:7f00:1' (equivalent to 127.0.0.1). Exploiting this flaw could enable unauthorized access to blocked resources, such as internal metadata services.
Impact
Bypassing the SSRF protection can lead to unauthorized access to loopback or private network resources, including sensitive metadata that should be protected from such requests.
Reproduction
The vulnerability can be reproduced by sending a request with a full-form IPv4-mapped IPv6 literal that points to a loopback or private address, such as '0:0:0:0:0:ffff:7f00:1', to a route that is protected by OpenClaw's SSRF guard. This can be done using a tool or script that allows for custom HTTP requests, such as curl or Postman.
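The flaw described above is a normalization gap: the guard classified one spelling of a mapped address but not its full form, so the private-range checks never saw the embedded IPv4 address. The Python below is an added illustration, not OpenClaw's code; the guard functions, prefix list and sample literals are constructed for this page. It puts a hypothetical prefix-string guard that misses the full-form literal beside a hardened classifier that unwraps IPv4-mapped IPv6 with the standard library's `ipaddress` module before applying the loopback, private and link-local checks.

```python
import ipaddress
from typing import Dict, Optional, Tuple, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def naive_is_blocked(host: str) -> bool:
    """Hypothetical string-based guard (NOT OpenClaw's implementation).

    It only recognises the compressed "::ffff:" spelling of an IPv4-mapped
    address and otherwise does dotted-quad prefix matching, which is the
    class of bug the advisory describes: the full-form literal never reaches
    the IPv4 range checks.
    """
    h = host.strip().lower().strip("[]")
    if h in ("localhost", "::1", "::"):
        return True
    if h.startswith("::ffff:"):
        h = h[len("::ffff:"):]  # strips only the compressed form
    blocked_prefixes = ("127.", "10.", "192.168.", "169.254.", "0.")
    return h.startswith(blocked_prefixes)


def unwrap_literal(host: str) -> Optional[IPAddr]:
    """Parse a host literal and reduce IPv4-mapped IPv6 to its embedded IPv4.

    Returns None for anything that is not an IP literal (a hostname); a real
    guard must resolve such names and re-check every resolved address with
    this same function, otherwise DNS answers reintroduce the gap.
    """
    try:
        addr = ipaddress.ip_address(host.strip().strip("[]"))
    except ValueError:
        return None
    if isinstance(addr, ipaddress.IPv6Address):
        mapped = addr.ipv4_mapped  # covers every spelling, full-form included
        if mapped is not None:
            return mapped
    return addr


def hardened_is_blocked(host: str) -> bool:
    """Classify after normalization so every spelling of an address agrees."""
    addr = unwrap_literal(host)
    if addr is None:
        return False  # not a literal; caller resolves, then re-checks each result
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_unspecified or addr.is_multicast or addr.is_reserved)


# Constructed samples: the advisory's full-form loopback literal plus the
# same address in other spellings, a link-local metadata address, and a
# public address to show the hardened guard does not over-block.
SAMPLES = [
    "127.0.0.1",
    "::ffff:127.0.0.1",
    "::ffff:7f00:1",
    "0:0:0:0:0:ffff:7f00:1",
    "[::ffff:169.254.169.254]",
    "8.8.8.8",
    "0:0:0:0:0:ffff:808:808",
]


def compare(samples=SAMPLES) -> Dict[str, Tuple[bool, bool]]:
    """Return {literal: (naive verdict, hardened verdict)} for each sample."""
    return {s: (naive_is_blocked(s), hardened_is_blocked(s)) for s in samples}


if __name__ == "__main__":
    for literal, (naive, hardened) in compare().items():
        print(f"{literal:28} naive={naive!s:5} hardened={hardened!s:5}")
```

Unwrapping explicitly through `ipv4_mapped` rather than relying on `IPv6Address.is_private` matters because the behaviour of that property on mapped addresses has varied across Python versions; the explicit step makes the verdict depend only on the embedded IPv4 address. The same normalize-then-classify order must also run on every address a hostname resolves to, not just on literals supplied in the URL.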
Remediation
Users can upgrade to OpenClaw version 2026.2.14 or later, where this vulnerability has been patched.
