CVE-2026-43580
OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute unauthorized navigation.
Analysis
OpenClaw is an open-source recreation of a retro game engine, which is not a common component in the professional web or mobile development stacks used by the community. While the SSRF policy bypass is a high-severity issue, the extremely niche nature of this specific software means it does not warrant a broad alert to systems administrators or developers.
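The description above names the defect class precisely: an SSRF policy that is enforced on explicit navigation but not after interactions (pressKey, type with submit) that can themselves cause the page to navigate. The following JavaScript is an added illustration of that pattern and of the complete guard, written for this page; it is not OpenClaw's code, and every class, function and sample URL in it is hypothetical or constructed.

```javascript
// Added illustration of "navigation guard coverage", not OpenClaw's code.
// All names here are hypothetical. The point: an SSRF policy must run not
// only on explicit navigate() calls but after every interaction that can
// itself cause navigation (Enter key, typed text with submit).

// Minimal SSRF policy: only http(s) to non-internal hosts. Hostnames are
// checked literally; a real guard would also resolve DNS and re-check the IP.
function ssrfPolicyAllows(urlString) {
  let url;
  try { url = new URL(urlString); } catch (e) { return false; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  const host = url.hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost")) return false;
  const v4 = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    if (a === 0 || a === 10 || a === 127) return false;
    if (a === 169 && b === 254) return false;            // link-local
    if (a === 172 && b >= 16 && b <= 31) return false;
    if (a === 192 && b === 168) return false;
    return true;
  }
  if (host.includes(":")) {                               // IPv6 literal
    if (host === "::1" || host === "::") return false;
    if (/^(fe80|fc|fd)/.test(host)) return false;         // link-local / ULA
  }
  return true;
}

// Guard that covers every interaction able to trigger navigation.
class GuardedBrowser {
  constructor(browser, policy) {
    this.browser = browser;
    this.policy = policy;
    this.log = [];                     // audit trail for detection / IR
  }
  navigate(url) {
    if (!this.policy(url)) { this.log.push(`blocked navigate -> ${url}`); return false; }
    return this._guarded("navigate", () => this.browser.navigate(url));
  }
  pressKey(key) { return this._guarded(`pressKey(${key})`, () => this.browser.pressKey(key)); }
  type(text, opts = {}) { return this._guarded("type", () => this.browser.type(text, opts)); }
  // Run the action, then verify any navigation it caused against the policy.
  _guarded(action, run) {
    const before = this.browser.currentUrl();
    run();
    const after = this.browser.currentUrl();
    if (after === before || this.policy(after)) return true;
    this.log.push(`blocked post-${action} navigation -> ${after}`);
    this.browser.abort();              // return the session to a neutral page
    return false;
  }
}

// The incomplete pattern the advisory describes: press/type flows skip the
// post-action check that navigate() gets.
class IncompleteGuard extends GuardedBrowser {
  pressKey(key) { this.browser.pressKey(key); return true; }
  type(text, opts = {}) { this.browser.type(text, opts); return true; }
}

// Constructed stand-in for a browser session (no real browser needed).
class FakeBrowser {
  constructor() { this.url = "about:blank"; this.pages = new Map(); }
  definePage(url, formAction) { this.pages.set(url, formAction); }   // page -> where its form submits
  currentUrl() { return this.url; }
  navigate(url) { this.url = url; }
  pressKey(key) { if (key === "Enter") this._submit(); }
  type(text, { submit = false } = {}) { if (submit) this._submit(); }
  _submit() { if (this.pages.has(this.url)) this.url = this.pages.get(this.url); }
  abort() { this.url = "about:blank"; }
}

// Scenario (constructed sample): a public page whose form submits to an
// internal address. With the incomplete guard the session ends on the
// internal URL; with full coverage the navigation is blocked and logged.
function runScenario(GuardClass) {
  const browser = new FakeBrowser();
  browser.definePage("https://example.com/search", "http://127.0.0.1:8080/admin");
  const guarded = new GuardClass(browser, ssrfPolicyAllows);
  guarded.navigate("https://example.com/search");
  const ok = guarded.type("query", { submit: true });
  return { ok, finalUrl: browser.currentUrl(), log: guarded.log };
}

console.log("incomplete guard:", runScenario(IncompleteGuard));
console.log("complete guard:  ", runScenario(GuardedBrowser));
```

The design point is that the check runs on the URL the browser actually landed on, after the action, rather than on the URL the caller asked for; that is what closes the gap for interactions whose destination is decided by page content. The log entries are the signal a defender would forward to detection tooling.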
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE-862
EPSS
No EPSS score yet (CVE may be too fresh).
References
- https://github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe
- https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3
- https://github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894
- https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h
- https://www.vulncheck.com/advisories/openclaw-incomplete-navigation-guard-coverage-in-browser-interactions