OpenClaw Server-Side Request Forgery Vulnerability in WebSocket CDP Endpoint

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in OpenClaw versions prior to 2026.4.5. The issue lies in how OpenClaw handles the CDP /json/version discovery endpoint: the webSocketDebuggerUrl field of the response is not validated before OpenClaw opens the WebSocket connection it names. Whoever controls that response (an attacker-controlled or compromised CDP endpoint) can therefore redirect the connection to an arbitrary host, using OpenClaw as a pivot to untrusted second-hop targets in the manner of an SSRF attack.

Impact

Exploitation of this vulnerability causes OpenClaw to open connections, from its own network position, to internal or external services it should not reach, potentially exposing sensitive information or allowing actions to be performed on behalf of the vulnerable application.

Reproduction

To reproduce this vulnerability, point an affected OpenClaw at a CDP endpoint whose /json/version response you control and request that resource. The webSocketDebuggerUrl field in the response can be set to point at an untrusted second-hop target, that is, a host other than the CDP endpoint itself. If that target's hostname is one the SSRF policy allows, OpenClaw follows the returned URL and establishes the WebSocket connection to the second-hop host, demonstrating the pivot.
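The following is an added illustration, not OpenClaw's code, of the check that the Vulnerability and Reproduction sections above describe as missing. It contrasts the vulnerable pattern (trusting webSocketDebuggerUrl as returned) with a hardened one that pins the second hop to the endpoint that was actually configured. The function names, the pinning policy, and the two sample /json/version responses are all constructed for this example; a real fix could instead re-run the second hop through the same SSRF policy as the first, which this example deliberately treats as too weak.

```javascript
// Added example (not OpenClaw's code): validate the second hop that a CDP
// /json/version response points at before opening a WebSocket to it.
// The names pickDebuggerUrlUnchecked/checkSecondHop, the pinning policy, and
// the sample responses below are all constructed for this illustration.

// Constructed sample of what a CDP /json/version endpoint returns. The only
// field that matters here is webSocketDebuggerUrl.
const BENIGN_VERSION = {
  "Browser": "Chrome/124.0.0.0",
  "Protocol-Version": "1.3",
  "webSocketDebuggerUrl": "ws://127.0.0.1:9222/devtools/browser/0a1b2c3d",
};

// Constructed hostile response: an endpoint the client was configured to talk
// to answers with a debugger URL on a different, internal host.
const HOSTILE_VERSION = {
  "Browser": "Chrome/124.0.0.0",
  "Protocol-Version": "1.3",
  "webSocketDebuggerUrl": "ws://10.0.0.5:8080/devtools/browser/deadbeef",
};

// Vulnerable pattern: take the field as-is and connect to it. Whoever wrote
// the response chooses where the WebSocket goes.
function pickDebuggerUrlUnchecked(versionJson) {
  return versionJson.webSocketDebuggerUrl;
}

// Effective port of a URL; URL.port is "" when the scheme default is used.
function effectivePort(u) {
  if (u.port) return u.port;
  return u.protocol === "https:" || u.protocol === "wss:" ? "443" : "80";
}

// Hardened pattern: the second hop must be a ws/wss URL, carry no credentials,
// and stay on exactly the host and port of the endpoint we were configured
// to use (the first hop). Returns { ok, url } or { ok, reason }.
function checkSecondHop(versionJson, configuredEndpoint) {
  const first = new URL(configuredEndpoint);
  let second;
  try {
    second = new URL(String(versionJson.webSocketDebuggerUrl));
  } catch {
    return { ok: false, reason: "unparseable webSocketDebuggerUrl" };
  }
  if (second.protocol !== "ws:" && second.protocol !== "wss:") {
    return { ok: false, reason: `unexpected scheme ${second.protocol}` };
  }
  if (second.username || second.password) {
    return { ok: false, reason: "credentials embedded in debugger URL" };
  }
  if (second.hostname !== first.hostname || effectivePort(second) !== effectivePort(first)) {
    return {
      ok: false,
      reason: `second hop ${second.host} differs from first hop ${first.host}`,
    };
  }
  return { ok: true, url: second.toString() };
}

// Stand-alone demonstration: the benign response passes, the hostile one is
// refused instead of silently becoming an SSRF pivot.
for (const [label, v] of [["benign", BENIGN_VERSION], ["hostile", HOSTILE_VERSION]]) {
  console.log(label, JSON.stringify(checkSecondHop(v, "http://127.0.0.1:9222")));
}
```

Pinning to the first hop is strict: a response that names `localhost` when the client was configured with `127.0.0.1` is rejected too. That is the intended trade-off, since the whole point of the bug is that the response, not the configuration, was deciding the destination.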

Remediation

Users should upgrade to OpenClaw version 2026.4.5 or later. The latest npm release, 2026.4.14, includes the fix.

Added: May 6, 2026, 9:17 PM
Updated: May 6, 2026, 9:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.1
remediation: 0.0
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.