OpenClaw Server-Side Request Forgery Vulnerability in Web Fetch Tool

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in OpenClaw versions through 2026.1.26. The issue resides in the web-fetch tool, specifically within the assertPublicHostname handler. The tool lets AI agents fetch URL content, and assertPublicHostname is meant to keep those fetches away from internal addresses, but its protection can be bypassed through a DNS rebinding attack. Although the project blocks private IPs and certain domain names, an attacker who controls the DNS answers can exploit the window between the security check and the actual HTTP request (a time-of-check/time-of-use gap) to redirect the request to a private IP, such as AWS metadata services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can manipulate the application into making requests on its behalf. This could lead to unauthorized access to internal services or metadata APIs, potentially exposing sensitive information such as credentials.

Reproduction

To reproduce this vulnerability, an attacker must control a DNS server and set it to return a public IP address during the security check, then switch it to a private IP before the actual HTTP request is made. This requires precise timing and knowledge of the application's DNS resolution process.

Remediation

Users are advised to upgrade to OpenClaw version 2026.1.29, which addresses the vulnerability by improving the SSRF protection mechanism. The update is available on the OpenClaw GitHub releases page.

Added: Apr 10, 2026, 5:22 AM
Updated: Apr 10, 2026, 5:22 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.0
remediation: 0.0
relevance: 5.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.