OpenClaw Improper Access Control Vulnerability in Browser Routes Allowing Internal Content Exposure
Vulnerability
An improper access control vulnerability has been identified in OpenClaw versions prior to 2026.4.14. The browser snapshot, screenshot, and tab routes do not consistently validate the final browser target after navigation. As a result, authenticated users can bypass server-side request forgery (SSRF) restrictions and access internal or disallowed page content: the policy is applied to the URL that was requested but is not re-applied to the page the browser actually reaches.
Impact
Exploitation of this vulnerability could lead to unauthorized access to internal or restricted page content, bypassing established SSRF protections.
Reproduction
The vulnerability can be reproduced by navigating through the affected browser routes (snapshot, screenshot, or tabs) while authenticated. The initial navigation can be to a permitted page, but the final target must be one that is typically restricted or internal. This can be achieved by manipulating the navigation flow to bypass SSRF checks, such as by opening a tab that leads to a disallowed URL after the route has been accessed.
Remediation
Users are advised to upgrade to OpenClaw version 2026.4.14 or later, as this version includes the necessary fix. The latest npm release, 2026.4.14, already contains this update.
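The following is an added illustration of the bug class and its fix, not OpenClaw's own code: the browser stand-in, the allow list and both route handlers are hypothetical. The vulnerable handler validates only the requested URL, while the fixed handler re-applies the same policy to the URL the browser actually landed on before returning any content.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed SSRF policy for this example (not OpenClaw's real allow list):
# only these public hosts may be rendered by the browser routes.
ALLOWED_HOSTS = {"example.com", "docs.example.com"}

def is_allowed(url: str) -> bool:
    """True if `url` passes the constructed SSRF policy."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    host = parsed.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            return False              # literal address in an internal range
    except ValueError:
        pass                          # named host: judged by the allow list
    return host in ALLOWED_HOSTS

class FakeBrowser:
    """Hypothetical stand-in for the headless browser behind the routes.
    `hops` maps a URL to where navigation really ends (redirect or new tab)."""
    def __init__(self, hops: dict[str, str]):
        self.hops = hops
        self.current_url = "about:blank"
    def navigate(self, url: str) -> None:
        self.current_url = self.hops.get(url, url)
    def snapshot(self) -> str:
        return f"<content of {self.current_url}>"

def snapshot_vulnerable(browser: FakeBrowser, url: str) -> str:
    """Checks only the URL the client asked for (the bug class above)."""
    if not is_allowed(url):
        raise PermissionError(f"blocked by policy: {url}")
    browser.navigate(url)
    return browser.snapshot()         # final target is never re-validated

def snapshot_fixed(browser: FakeBrowser, url: str) -> str:
    """Re-applies the policy to the URL the browser actually landed on."""
    if not is_allowed(url):
        raise PermissionError(f"blocked by policy: {url}")
    browser.navigate(url)
    if not is_allowed(browser.current_url):
        raise PermissionError(f"final target blocked: {browser.current_url}")
    return browser.snapshot()
```

The same post-navigation check belongs in the screenshot and tab handlers, since any route that returns page content after the browser has moved is affected in the same way.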
