OpenClaw Server-Side Request Forgery Vulnerability in Multiple Channel Extensions
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in OpenClaw versions prior to 2026.3.25. This vulnerability exists in several channel extensions that do not properly protect configured base URLs from SSRF attacks. Exploitation of this vulnerability allows attackers to manipulate requests to internal destinations that are usually blocked, potentially accessing restricted resources.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal services or resources, bypassing network restrictions.
Reproduction
The vulnerability can be reproduced by configuring a channel extension with a base URL that points to an internal resource. Once the URL is set, the extension can be triggered to make a fetch request to the configured URL. Without the proper SSRF guard, the request can be redirected to a blocked internal destination, accessing restricted resources.
Remediation
Users can update to OpenClaw version 2026.3.25 or later, where this vulnerability has been fixed.
