Mason Huang

1 exploit Active since May 2026
CVE-2026-43527 WRITEUP HIGH WRITEUP
OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation
OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.
CVSS 7.7