CVSS 7.6 · HIGH

CVE-2026-41912

OpenClaw before 2026.4.8 contains a server-side request forgery (SSRF) policy bypass vulnerability that allows attackers to trigger navigations which bypass the normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access restricted resources.

View on NVD

Analysis

OpenClaw is an open-source game engine project for a 1997 platformer, which is not relevant to professional web, mobile, or backend development. While the SSRF vulnerability is rated as high severity, the product is niche software and does not affect the common open-source stack used by the community.

Severity

Score: 7.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
AV: NETWORK
AC: LOW
PR: LOW
UI: REQUIRED
S: CHANGED
C: HIGH
I: LOW
A: NONE
Weakness type (CWE): CWE-918

EPSS

Exploitation probability (next 30 days): 0.0003 (0.0%)
Percentile: 8.1%
EPSS as of: 2026-05-06

Affects

openclaw:openclaw

Published: 28/4/2026, 19:37:44
Last modified: 30/4/2026, 19:38:47
