OpenClaw Server-Side Request Forgery Policy Bypass Vulnerability in Existing-Session Browser Interaction Routes
Vulnerability
A server-side request forgery (SSRF) policy bypass vulnerability has been identified in OpenClaw versions prior to 2026.4.10. In affected versions the SSRF navigation guard can be bypassed on existing-session browser interaction routes (routes that act on a browser session that is already open), so a caller of those routes can navigate the session to, or interact with, targets that the SSRF policy is meant to block, typically loopback, link-local and private-network addresses. The policy is not enforced on that path even when it is otherwise configured.
Impact
An attacker who can call the existing-session browser interaction routes can use them to drive the browser to restricted targets that the SSRF policy should have rejected, gaining access to or interaction with sensitive targets reachable from the browser's network position. The advisory does not state whether reaching these routes requires authentication, so operators should assume any principal that can drive an existing session can trigger the bypass.
Reproduction
The vulnerability can be reproduced by configuring an SSRF policy, opening a browser session, and then using an existing-session browser interaction route to navigate that session to a target the policy forbids. In affected versions the route performs the navigation without the SSRF navigation guard rejecting it, allowing interaction with the unauthorized target.
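The pattern below is an added illustration of the bug class this advisory describes; it is not OpenClaw's code, and every function, route name and the session store are hypothetical. It shows a minimal SSRF navigation guard, a new-session route that enforces it, the existing-session route that skips it (the vulnerable shape), and the fixed route that runs the same guard. The URL normalisation relies on Node's WHATWG URL parser, which collapses forms such as a decimal IP into dotted-quad notation before the guard sees them.

```javascript
// Added example (hypothetical names, not OpenClaw's implementation):
// an SSRF navigation guard and the route pattern that bypasses it.

const BLOCKED_HOSTNAMES = new Set(["localhost", "[::1]", "metadata.google.internal"]);

// Loopback, link-local and RFC 1918 ranges as a dotted-quad check.
function isPrivateIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168)
  );
}

// The navigation guard: parse with the WHATWG URL parser (which normalises
// decimal/hex IP spellings), allow only http(s), reject restricted hosts.
function checkNavigationTarget(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { allowed: false, reason: `scheme ${url.protocol} not allowed` };
  }
  const host = url.hostname;
  if (BLOCKED_HOSTNAMES.has(host) || isPrivateIPv4(host)) {
    return { allowed: false, reason: `host ${host} is a restricted target` };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed stand-in for a browser session store.
function makeSession() {
  return { currentUrl: "about:blank", history: [] };
}

function navigate(session, url) {
  session.history.push(session.currentUrl);
  session.currentUrl = url;
}

// Route 1: opening a new session runs the guard.
function openNewSessionRoute(rawUrl) {
  const verdict = checkNavigationTarget(rawUrl);
  if (!verdict.allowed) return { status: 403, body: verdict.reason };
  const session = makeSession();
  navigate(session, rawUrl);
  return { status: 200, session };
}

// Route 2 (vulnerable shape): acting on an existing session skips the guard,
// so a caller can steer an already-open session to a restricted target.
function navigateExistingSessionVulnerable(session, rawUrl) {
  navigate(session, rawUrl); // no policy check on this path
  return { status: 200, session };
}

// Route 2 (fixed): every route that can change the target runs the same guard.
function navigateExistingSessionFixed(session, rawUrl) {
  const verdict = checkNavigationTarget(rawUrl);
  if (!verdict.allowed) return { status: 403, body: verdict.reason };
  navigate(session, rawUrl);
  return { status: 200, session };
}

// Demo when run directly: open on a public host, then try to pivot to metadata.
const demo = openNewSessionRoute("https://example.com/");
console.log("open:", demo.status);
console.log("vulnerable pivot:", navigateExistingSessionVulnerable(demo.session, "http://169.254.169.254/latest/meta-data/").status);
console.log("fixed pivot:", navigateExistingSessionFixed(demo.session, "http://169.254.169.254/latest/meta-data/").status);
```

A hostname-based guard like this one is only the first layer: it does not resolve DNS, so it cannot catch a public name that resolves to a private address, and it does not re-check after HTTP redirects. The point of the example is the structural defect, one route enforcing policy and a sibling route that reaches the same navigation primitive without it; the fix is to put the guard on the navigation primitive rather than on individual routes.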
Remediation
Users are advised to upgrade to OpenClaw version 2026.4.10 or later; the latest npm release at the time of writing, 2026.4.14, includes the fix. After upgrading, confirm the installed version and verify that a navigation to a policy-blocked target through an existing-session route is now rejected.